Autocomplete on 2fa enabling function

RESOLVED WONTFIX

Status

()

bugzilla.mozilla.org
General
RESOLVED WONTFIX
2 years ago
2 years ago

People

(Reporter: Muhammad Shahmeer, Unassigned)

Tracking

Production

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.82 Safari/537.36 OPR/35.0.2066.37

Steps to reproduce:

I was able to find out that there is autocomplete on the internal 2fa password field completing voiding the concept of password entrance on that field

https://bugzilla.mozilla.org/userprefs.cgi?tab=mfa


Actual results:

Non


Expected results:

There is should be no complete on that particular field

Updated

2 years ago
Assignee: general → nobody
Component: Bugzilla-General → General
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production
Note that Firefox ignores autocomplete=off and we specifically do not take counter-measures to defeat this.
See Bug 956906 for that behavior.

dkl: This is correct, right?
Flags: needinfo?(dkl)
(In reply to Dylan William Hardison [:dylan] from comment #1)
> Note that Firefox ignores autocomplete=off and we specifically do not take
> counter-measures to defeat this.
> See Bug 956906 for that behavior.
> 
> dkl: This is correct, right?

the 2fa code field isn't a password field, so setting the autocomplete attribute should work.
https://dxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/LoginManagerContent.jsm#651
Flags: needinfo?(dkl)
(In reply to Byron Jones ‹:glob› from comment #2)
> (In reply to Dylan William Hardison [:dylan] from comment #1)
> > Note that Firefox ignores autocomplete=off and we specifically do not take
> > counter-measures to defeat this.
> > See Bug 956906 for that behavior.
> > 
> > dkl: This is correct, right?
> 
> the 2fa code field isn't a password field, so setting the autocomplete
> attribute should work.
autocomplete is turned off for the code field. autocomplete=off is not set for the password field.


Muhammad: You specifically mean the password field, correct? Not the code field?
Flags: needinfo?(shahmeerbond)
(In reply to Dylan William Hardison [:dylan] from comment #3)
> Muhammad: You specifically mean the password field, correct? Not the code
> field?

if this is referring to the password field this bug is probably a wontfix (or it should be morphed to disable autocomplete on the code field).

as per bug 1237596, fighting this browser feature isn't worthwhile, and we don't set autocomplete=off on our login form.
Note that for code:
<input name="code" id="mfa-totp-enable-code" placeholder="123456" maxlength="6" pattern="\d{6}" size="10" autocomplete="off" type="text">
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(shahmeerbond)
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.