Closed Bug 1309513 Opened 3 years ago Closed 3 years ago
Drop-down lists - Design issue for Remember logins for sites
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0 Build ID: 20160922113459 Steps to reproduce: 1. Open Mozillla Firefox Version : 49.0.1 on Public Computer. 2. Go to Options -> Security and Check the Checkbox - "Remember Logins for Sites" 3. Try to navigate to any website and Sign-in using required respective User Credentials (Username and Password). 4. After Clicking 'Submit' button a Popup is generated with 'Remember' as default option and 'Not now', 'Never Remember Passwords for this site'. 5. User accidentally clicked on 'Remember' and proceed further. 6. User Credentials(Username and Password) are saved now in Browser. 7. It can be viewed with Options -> Saved Logins 8. Select Required site and See Password. Actual results: Consider, User is using public Computer on Internet Cafe, Colleges, Library.(Open for certain time) Here the 'Remember' option is selected by default. If users accidentally clicks on the select menu - default Remember option , and User's account credentials are immediately stored on Browser. The attacker exploit this by going into Saved Logins' options, copies credentials and delete it, so that user does not gets suspicious. I have no idea for Firefox with Phone or Tablet on Android or iOS. If you consider this is critical enough to fix issue, then you can test on it as well. Expected results: A requirement whether Drop down box should be implemented or not is based on Usability Testing Design principles. When drop-down lists have less than 7 options they suffer from a lack of up-front information. The user has to click in order to see the available options. Reference Link for more Information: http://baymard.com/blog/drop-down-usability http://www.lukew.com/ff/entry.asp?1950 http://uxmovement.com/forms/stop-misusing-select-menus/
Component: Untriaged → Security
OS: Unspecified → Windows 7
Priority: -- → P4
Hardware: Unspecified → x86_64
Doesn't need to stay security-sensitive.
Component: Security → Site Identity and Permission Panels
Okay. Thank you for your time. You can close the issue.
Anand, I think this is a valid concern , but it's in the enhancements area.
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
a) I think this should have been triaged to password manager b) The dropdown is getting replaced with two larger buttons (Don't save & Save) in bug 1282768 which should address the concern.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1282768
You need to log in before you can comment on or make changes to this bug.