Closed Bug 1592050 Opened 1 year ago Closed 18 days ago

Firefox Lockwise does not allow users to search via password with Master Password enabled

Categories

(Firefox :: about:logins, enhancement, P3)

Product:
Firefox
Component:
about:logins
Version:
70 Branch
Platform:
Desktop
All
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
87 Branch
Tracking Flags:
Tracking Status
firefox87 --- verified

People

(Reporter: mozilla, Assigned: tgiles)

References

Details

Attachments

(1 file)

Bug 1592050 - Allow search via password in about:logins with Primary Password enabled. r=sfoster,dimi
48 bytes, text/x-phabricator-request
Details | Review

Users have been complaining that they cannot type a password in the Firefox Lockwise search bar to see all accounts using that password when Master Password is enabled. It will work without Master Password.

Perhaps the Firefox Lockwise system should ask for the Master Password when the user opens the about:logins page and then give them the same functionality as non-Master Password users.

Status: UNCONFIRMED → NEW
Type: defect → enhancement
Ever confirmed: true

Users have been complaining

Just to add one reference: https://support.mozilla.org/en-US/questions/1271294#answer-1261605

I'm also affected as now I'm unable to search for password of my company. As this password is changed all three months it is absolute required to be able to search and edit the password for all URLs used with this password. This is IMHO a major bug not only an enhancment

This will probably get solved by bug 1584126 for now.

Depends on: 1584126
Blocks: 1567423
No longer depends on: 1584126
Priority: -- → P3

Please fix before the workaround will be gone. See https://support.mozilla.org/en-US/questions/1271294#answer-1261369:

Clearing the value of signon.management.overrideURI = <blank> makes about:preferences > Saved Logins ... show the old dialog; about:logins still points to lockwise (even with the workaround in place).

Personally, this is even a solution (not just a workaround) - as long as the old code is not removed.

It looks like the workaround was removed (signon.management.overrideURI unknown in 77.0.1) before providing a way to search by password and bulk remove logins. The search can be performed after (temporarily) removing the master password, but bulk remove is not available afaik.

While this is bad news, lockwise recently suggests logins from sibling and sub domains. I am now trying not to store all credentials for all corporate tools, but have a single login stored for the main domain. However, this workaround does not help when there is no such domain (e.g. browse to tool1 and tool2 instead of tool1.example.com and tool2.example.com).

Meanwhile I'm using keepassXC / keepass2android together with owncloud for local storage only

This is really anoying - if for example same password leaks, and you use it for multiple sites, there is no way to find them in the lockwise password manager...

Assignee: nobody → tgiles
Status: NEW → ASSIGNED
Pushed by tgiles@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/cdb720170b88
Allow search via password in about:logins with Primary Password enabled. r=sfoster,dimi

https://hg.mozilla.org/mozilla-central/rev/cdb720170b88

Status: ASSIGNED → RESOLVED
Closed: 18 days ago
status-firefox87: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch

I have verified this issue using the latest Firefox Nightly 87.0a1 (Build ID: 20210212100155) on Windows 10 x64, Ubuntu 20.04 and macOS 11.1.

  • Searching via password is allowed on the “about:logins” page when the Primary Password is set.
Status: RESOLVED → VERIFIED
status-firefox87: fixedverified
You need to log in before you can comment on or make changes to this bug.