Closed Bug 151303 Opened 22 years ago Closed 17 years ago

Kill "Save logon?" dialog box

Categories

(SeaMonkey :: Passwords & Permissions, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 390025
Future

People

(Reporter: uksi, Unassigned)

Details

Remembering site logons is definitely a useful feature. However, as it is right now, I almost never use it. The primary perpetrator is the "Do you want Password Manager to remember this logon?" box. Because this dialog box rudely interrupts my surfing experience with an unimportant question, I propose to remove this dialog box (for good). (All of the following is my opinion and not necessarily a statement of fact.) This box is bad because: 1) I am often not sure whether I entered the correct password, but I can't be sure until the web site responds to my logon attempt. However, Password Manager forces me to decide whether to remember the logon right *now*, before I get the web site's response. It puts me in a gambling position: - if I select Yes, I am afraid that it will remember the incorrect password and will keep prefilling the logon info with incorrect data. If the password indeed turns out to be incorrect, will it remember the corrected logon the next time I try or will it keep on using the original wrong password? There's no (easy) way to tell, apart from trying to find this in the documentation or actually experimenting with it to see what happens. If I do either of these, I lose my concentration on whatever I was going to do, and possibly several minutes of time. Thus, I am quite reluctant to select Yes. - if I select No, I am afraid that if the password indeed turns out to be correct, that I will just keep on surfing (after all, my objective was to log onto the site to do something--remembering the password is a side thing) and the password will not get remembered. To ensure remembering of the password, I'd have to click "Back" after the successful logon and login again while answering Yes to the "Remember logon?" dialog box. It is annoying to do so (after all, I want to get on with my task on the site instead of trying to accomodate the quirks of the Password Manager). - if I select Never for this site... there's a good chance that I may select this option despite wanting to remembered the logon, because I was too unsure of whether to select Yes or No, grew impatient of the dialog box popping up on my logon attempt. So I'm reluctant to select "Yes", I'm reluctant to select "No", and I may select "Never for this site" because I gave up on this feature (a weakling, I know...). So which one do I select? When I'm using a computer, I surely don't want to be gambling. Password Manager's "Remember logon?" box makes me gamble. Bad! 2) "Yes" and "No" are not really an opposite pair. It's really "Yes" vs "Never for this site" and a stray "No". What is the reason for the "No" option anyway? Usually I either want to remember the logon to the site (select "Yes") or not, because I consider the logon to be too important to risk this relaxation on security (which is what Password Manager does). In the latter case, I select "Never for this site". In the former, I'm really saying "Always for this site." So why does one need a "No" option? Why would I want to *not* remember the logon to a website just once? There's a chance that someone is logging in to a website on my computer under their own logon that they don't want me to "have". They would select "No" (or rather "Not this time") instead of "Never for this site" because they don't want to deprive me of the password remembering functionality. If they select "Never for this site", then I have to go to Preferences, Privacy & Security, Passwords, Manage Stored Passwords, Passwords Never Saved and remove the site that my friend selected "Never for this site" for. That's too much effort! Worse, all that such removal (from "Passwords Never Saved" list) achieves is getting me back to square one where I'm prompted with these three choices again. Isn't it very likely that this removal (the fact that I'm putting in the effort to remove the site from this list) indicates that I actually want to save the logon that I'm about to enter? So instead of being able to tell the program "Ok, from now on, please save this logon", I am telling it: "Ok, could you please ask me this question again so that I have a chance to save this logon?" So the "No" option is really an outgrowth of these problems. "No" is used by those who are too reluctant to select "Yes" (see point #1 above) or by those who don't want to force the user to go thru the process of reenabling this question for a particular site. 3) This dialog box gets in the way! I'm logging on to the web site to do something. Saving the password is a side concern of mine. It may be nice when I get tired of entering the password (and only THEN will this feature be important to me), but instead this dialog box insists on interrupting me. When it pops up, I have to stop and think whether I want to save the password. And because the dialog box has the abovementioned problems, I have to think more about whether the password that I entered is truly correct and I want to remember it, or whether I should be remembering this password for this site at all, whether this logon is sensitive/important enough to warrant a "Never for this site" choice. While I'm thinking about these issues, I risk losing focus on what I was doing on the site or reduce my concentration on my task. I may forget some number that I was going to enter or a page that I wanted to check after I logged in, because the time I spent thinking about whether to store the password has pushed some things out of my short-term memory. To avoid losing my focus, I often quickly dismiss the dialog box with a "No". In fact, I have developed a habit to answer "No" to this dialog box, and many times I find myself habitually selecting "No" and then realizing that it would indeed be nice to remember this logon. The core problem is that Password Manager asks me to make the decision when *it* wants, instead of when *I* am ready to make it. It asks me to make this decision way more often times than the times when I'm ready to make it. And when I do make up my mind, there's no easy way for me to tell the computer to remember the password. Instead, I have to tell the computer that it is now OK for it to ask me this decision OK. That's quite silly! Who's supposed to be in control here, the computer or me? Sorry about the ranting, but this dialog box has made me waste time, forget things and feel stupid too often. Here's my proposed solution: 1) Kill the dialog box. 2) After I login to a web site, indicate passively on the screen that I have the opportunity to remember the logon. 3) If I select the indicator, Password Manager saves my logon. Without asking me any questions! The indicator changes to show that the logon has been saved. 4) If I am at a logon page for which Password Manager has already saved the logon, or if I just logged in using a saved logon, Passoword Manager passively indicates (using the same indicator) that the logon is saved (in the way that it did when I clicked to save it). If I select the indicator, Password Manager forgets the login to this site and reverts to the state where it shows that I have the opportunity to save this logon. 5) So it acts like a toggle. If I clicked the indicator to remember my logon and then changed my mind ("Oops, nah I really didn't mean that") then I can click the indicator again and make Mozilla forget the password. And then we're back to step 2. 6) Password Manager preferences no longer have "Never for this site" tab, the only thing that you do in the "Manage Saved Passwords" dialog box is delete saved passwords. (Of course, it'll be just as easy to go to the site and click the indicator to forget the login). 7) The only dialog box that may ever appear during clicking of the indicator is the "Enter Master Password" one, and that's for them paranoid folks. ;) How and where this indicator should appear is debatable. The place that is most realistic to do right now is in the shape of an icon in the status bar, next to the "Online" and "Secure/Insecure" icons. One idea for its appearance is a "Key" for the "Logon is remembered/Click to forget" mode and "Key with X across it" for the "Logon can be remembered/Click to remember" state. Another way would be to just have words "Logon saved"/"Save logon?" appear somewhere on the status bar and be clickable in a form of a button. Or maybe the status bar is not the best idea. That's for the interface buffs to figure out :) Most importantly, I would love the interaction that I proposed, which is user- controlled. I would be able to save my logons when *I* want. I'm tired of typing the login all the time? Ok, let's click. There's no annoying, interrupting, unsure-decision dialog boxes. I changed my mind and don't want it to remember the password? Click.
cc'ing mpt for his opinion
actually reassigning to UI design to have a look...
Assignee: morse → mpt
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Component: Password Manager → User Interface Design
Ever confirmed: true
QA Contact: tpreston → zach
Hardware: PC → All
See also bug 141057, "RFE: do not wait for password dialog user input to submit forms, and show what login info will be stored in the dialog". That would solve the problem of not knowing whether the username/password being saved is correct.
Bug 141057's suggestion definitely reduces the annoyance of the "Save logon?" dialog box. In fact, it would eliminate the first drawback from this bug's original description: i.e. no more gambling/uncertainty when opting to remember the password or not. However, drawbacks 2 and 3 still remain. I can see some problems with bug 141057's suggestion. I don't know of any dialog boxes in Mozilla that persist across page loads. The user may get confused at this new behavior: a dialog box that stays up after the new page is loaded. Often, when users see a new page load up, they are ready to surf it, not answer dialog boxes. Also, what if it obscures the part that lets the user judge whether they logged in or not? (Admittedly, this would happen quite rarely, so nevermind..) What happens if the user clicks on another link on the page? (After all, the dialog box is modeless) Does it stay up until it is responded to or does it disappear? Still, the core problem remains: the password manager dialog box pops up at the computer's whim and has to be dealt with before the user can keep on browsing. This is poor interaction: the computer directs the interaction (requires an answer to a dialog). The alternative that I propose in this bug turns the interaction around, so that only when the user feels like saving the password, he requests it (he guides the interaction). (Or she).
uid is being phased out.
Assignee: mpt → morse
Component: User Interface Design → Password Manager
QA Contact: zach → tpreston
Target Milestone: --- → Future
Reassigning to new module owner.
Assignee: morse → dveditz
I too agree with some of these arguments. I have a password for a secure HTTPS site, and I stored it in Password Manager. So far, so good. The password IS STORED now, so why does this dialog box pop up all the time when I restart Mozilla anyway? *If* a password is already stored, a simple https://andreas@securesite.dot.com should actually link directly to the site, skipping that dialog. Dialog should only pop up for re-entering if the password is WRONG and the web server spits out a 'Permission denied'. My 2 cents.
Product: Browser → Seamonkey
Assignee: dveditz → nobody
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.