Closed Bug 145797 Opened 22 years ago Closed 22 years ago

[rfe] Way to force the use of password manager despite site "opt out" with autocomplete=off

Categories

(SeaMonkey :: Passwords & Permissions, enhancement)

Product:
SeaMonkey
Component:
Passwords & Permissions
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: nick, Assigned: morse)

Details

Tthere should be a way of *manually* forcing a password to be saved. I guess
that banks have problems with the automatic activation of the pw manager. I'm
talking of a context menu.. like.. "force the use of password manager to store
this password". And there could be a warning "This site has requested the
password to be handled with special care. Are you sure you want to store the
password in the pw?".

It's my computer and I have to have the final decision on what goes into the
password manager.

*** This bug has been marked as a duplicate of 124065 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Uh? That bug was about adding a preference to automatically save all passwords
(when there's a master password). This bug is about an UI option for manually
overriding and force the use of pw manager.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
I would agree that such a facility is needed -- there is no convenience benefit
in having a web password autocompleted if you have to first enter a password in
order to do so! (If you had multiple login forms / difficult to remember
passwords, then there would remain an advantage, but I doubt this is the usual
case.) An override UI would make this more logical.

(Not to mention that a user should ultimately be able to do this if they really
wish, especially when "autocomplete=off" is abused by sites such as Yahoo...)

This isn't a perfect solution, but here's a 'bookmarklet' that you can use to
'fix' an offending page.  Once it's fixed once and the password is saved,
Mozilla will autofill it just fine each time in the future.  The javascript to
put into a bookmarklet is:

javascript:(function(){var x,i; x = document.forms; for (i = 0; i < x.length;
++i) x[i].setAttribute("autocomplete","on"); alert("Changed " + x.length + "
forms to use autocomplete.  After submitting a form from this page, you should
be able to save the password."); })();

I hope that gets saved okay...  It all has to be on one line, and you put it
into a bookmark on your personal toolbar.  Click it when you're on a financial
(or yahoo mail) page, and it'll 'fix' any forms on the page to be autocompletable.

If it didn't save properly, then go to http://www.vixen.com/bookmarklet.phtml
and do as it bids.  This fixes it 'enough' for me to no longer worry about a
source fix, but for users wanting something simpler, they may need a more
internal solution.


--  rh
I also wrote a bookmarklet that does the same thing:
http://www.squarefree.com/bookmarklets/pagelinks.html#remember_password.  Mine
also removes onsubmits, which is necessary for Yahoo Mail but not for other
sites that ask Mozilla to disable password manager.
This bug should be wontfix. If fixed, it would cause many banks, financial
institutions, and web sites to block Mozilla.

If you don't like how the site works, then don't go there. If you want to hack
around with Mozilla, or create a bookmarklet, go ahead. That's your own deal.
Let's clarify what this bug is all about.  Comment 2 says

> Uh? That bug was about adding a preference to automatically save all
> passwords (when there's a master password). This bug is about an UI
> option for manually overriding and force the use of pw manager.

Now that's two separate issues.  Namely

1. have a pref to override autocomplete=off when not using encryption (there 
already exists such a pref when using encryption)

2. have a UI to access that pref.

This bug report is about the pref only.  If you want a UI for it, then open a 
separate bug.
Status: REOPENED → ASSIGNED
Well, my original intention when reporting this bug was to have a manual way to
force a one-time use of the pw manager. Example:

No pref changed, you go to Yahoo and the password is not saved because
autocomplete=off is there. The user right-clicks in the form and gets a menu
option saying: "Force saving this password despite server choice". He might get
a confirmation window informing him of the situation: "This site has stated that
the password must be handled with great care. Saving the password into the
Mozilla's password manager have the following implications.... blah blah   [Save
the password] [Don't save it]".

OK, now that you've clarified this, this bug wont get fixed.  It would cause all 
the financial sites to pull the plug on the browser.

I've opened bug 154825 to do what I thought you were asking for.  That one has a 
chance of really being implemented.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago22 years ago
Resolution: --- → WONTFIX
I don't think so. Banks disable autocomplete because in Explorer it's activated
by default, and by default everything get saved (coupled with users clicking ok
in every dialog-box they see). If you've been to an internet cafe you know what
I'm tlaking about, you often see that Explorer has saved other people passwords.
This feature would be invisible to those naive users.
Why would banks block Mozilla if you can do it manually, but don't block Mozilla
if you can do it automatically. This sounds like FUD.

pi
*** Bug 270321 has been marked as a duplicate of this bug. ***
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.