Closed Bug 1555856 Opened 5 years ago Closed 1 year ago

Don't autocomplete saved logins on `autocomplete="new-password"` fields when a generated password is also offered

Tracking

()

Status:

RESOLVED WONTFIX

People

(Reporter: MattN, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [passwords:fill-ui])

Matthew N. [:MattN]

Reporter

Description

•

5 years ago

When we are offering a generated password on autocomplete="new-password" fields, we can consider not autocompleting saved logins since the password generation UI should discourage sites from abusing autocomplete="new-password" to prevent autocomplete/autofill (like autocomplete=off used to). Perhaps we could still let autocomplete suggest saved logins in this case as a contextual fallback.

Flags: qe-verify+

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

Sergey Galich [:serg]

Comment 1

•

1 year ago

The concern about abuse of this behavior outweighs the benefit.

Status: NEW → RESOLVED

Closed: 1 year ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Don't autocomplete saved logins on `autocomplete="new-password"` fields when a generated password is also offered

Categories

(Toolkit :: Password Manager, enhancement, P3)

Tracking

()

People

(Reporter: MattN, Unassigned)

References

(Depends on 1 open bug)

Details

(Whiteboard: [passwords:fill-ui])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1