Closed Bug 16086 Opened 25 years ago Closed 25 years ago

prompted to have browser remember my password even tho no pw

Categories

(SeaMonkey :: General, defect, P3)

All
Mac System 8.5
defect

Tracking

(Not tracked)

VERIFIED WORKSFORME

People

(Reporter: Brade, Assigned: morse)


After submitting my second bugzilla query I see the following message prompt:
 "For your convenience, the browser can remember your user names and passwords so
you won't have to re-type them in the future.  Your passwords will be obscured
before being saved on your hard drive.  Do you want this feature enabled?"

I find this prompt very confusing for the following reasons:
 * I didn't enter a user name or password on that form
 * the use of the term "obscured" seems like it might need more explanation or
another term should be used.

Feature Request: I shouldn't see this prompt unless I had a password input field
or the message should change to be clearer of the feature being enabled when
there isn't a "user name and password"

Status: NEW → ASSIGNED
Target Milestone: M11

I tried this and did not get the message.  But I am running on a windows box.
Paulmac, can you try this on your mac and see if you are able to reproduce the
problem.  Thanks.

Hardware: Macintosh → All

This behaviour does happen on Windows - observed on M10 on both 95 and NT,
and M11 build 1999101109 on NT - but only the very first time bugzilla
is visited after a fresh install. Given the nature of this behaviour,
it almost certainly affects All OS.

Comments:  Strictly, this doesn't look like a bug, it seems to work
as designed. I'm not as sure as brade@netscape.com is that the behaviour
is completely unwanted, but I agree that the UE could be improved.

A better time to ask for a password for identifiers and credentials
would be while setting up a profile. The same password could be
used for protecting all stored autofill/wallet data. Asking for this
password at profile creation time would be less of an intrusion, and
would find the human in a mindframe more congruent to setting and
either remembering or writing down a password.

For this reason, I would advocate adding an interface for this
type of password to the Preferences. Both a [Set Password] and either
a [Don't remember anything!] or a [Forget Wallet Entries] button would be
needed... unless anyone would advocate having the forgetful human be prompted to
enter a password to recall the password for a site, repeatedly, only to have to
cancel the prompt for the password for the password every time... and then have
to enter the site's password each time.

With that scenario, the "For your convenience..." and password-setting dialogs
would interrupt the first form submission only if that section of the
Profile Wizard was skipped entirely during profile setup.

At the same time, it would be less jarring to see a "Do you really want to
use a blank password?" dialog than to see a "Confirm Password" dialog after
clicking [OK] to a blank set-password dialog, for anyone, and especially
newbies.

I'd guess that, as with many optional security measures, a plurality of
users won't bother setting a password for this purpose.

I can't believe this is happening -- it definitely works for me.  I started off
by wiping out my profile directory and my mozregistry.dat file.  Then I entered
the browser.  I get the profile-creation window and enter a profile name.  Then
the browser comes up.  I go to bugzilla.mozilla.org.  I select the "query" link.
Fill in a query and submit it.  At this point I get the following one-time-only
dialog which is to be expected:

"You can save information that you enter on forms and later automatically
prefill that information on other forms.  To save such information, select
edit/wallet/capture from the menu while viewing the form."

The bug report says that the bad message (about remembering usernames and
passwords) occurs on the *second* query so I go back to the query form and
submit it again.  I absolutely do not get a dialog.

sidr, are you sure you are seeing the dialog that brade complained about?  Or
are you seeing the good dialog as I quoted above?  As I said, this good dialog
is what we expect and is the intended behavior of the product.

Regarding your suggestion about setting up the database password at
profile-creation time, this had been considered.  In fact, I was going to use
the same password that the user selected for his profile.  Then the profile
people decided not to solicit a password to protect the profile.  So that left
me high and dry and I had to do our own soliciting for the password.

Your other suggestion of putting password options into the preferences is not a
good idea.  Only power users ever go to the preference panel so the average
(novice) user would never discover it.

Don't be too concerned about the second dialog asking for password confirmation.
That is just temporary.  It is anticipated that the dialog people will be giving
us a single dialog with two password fields and we won't have to use the
back-to-back dialogs in the final product.

So, dismissing the several request-for-enhancement issues mentioned in this bug
report, let us focus on the bug itself.  Paulmac, can you verify that we are
really getting the "bad" dialog when submitting a bugzilla query?  On the mac?
On all platforms?  And why am I not seeing it?

morse, no, as I stated, I see the "For your convenience" once only
after saving the default profile for each build/OS combo, and yes,
I always kill mozregistry.dat. To eliminate another possibility,
I tried, with a fresh M11 build 1999101109 on NT, going to another
site with a login, first, and then to bugzilla. The "For your convenience"
dialog does seem to come up only once ever, not once per site.

I think I may see what's bothering him, though, and it is vaguely unsettling
to me too. After the "For your convenience" dialog, the two "save password for
this database" dialogs do not immediately follow, but come AFTER the
"Do you want to save ... for this form" dialog. I think the relevant principle
here is finishing one interruption before continuing with another.

Carefully reading brade's original report, I'm not sure that he ever saw
a bug (just a behaviour he considered broken as designed). Here's why:
it is possible to submit and view results from an arbitrarily large
number of bugzilla queries without ever logging in to bugzilla.
Secondly, I'm not sure brade didn't mean the form generated by
show_bug.cgi when he says that he didn't enter a username or password
on "that form" - after all, while the bugzilla login is a form,
any form with just a username and password field doesn't really
feel like a form. So his second bugzilla query could easily have been
his first bugzilla login. Note also that he does not actually say that
he saw the "For your convenience" dialog twice.

As for my preference for capturing such a password at profile-creation
time rather than at the first site login, my perspective is ISP tech support
calls: this sounds like exactly the kind of pop-up dialog that gets clueless
newbies to call all anxious wondering if they dare even touch their computers
after "this strange message came up." I kid you not. You can see how this
could happen if a fifty-something gets their kid to install the browser,
and the kid isn't around later. But even if a newbie is doing their own
install, a dialog in the profile wizard would be just part of the process,
not a startling intrusion.

That said, I won't say any more about this until after shipping,
but I promise you that if I take one of those calls about that dialog,
I'll submit a bug report!

One final thing: in the "Do you want to save the username and password
 for this form" dialog, the two options are [OK] and [Cancel].
[Yes] and [No] would be more natural by far, and not give the vague
impression that clicking on anything but [OK] may not accomplish the
site login (I used the word clueless above for a reason).

sidr,

First, I should mention that brade is Cathy Brade, so it's "she" and not "he".
But of course you had no way of knowing that.

Second, let's not cloud the issue with requests for enhancements (which should
be put into separate bug reports) but stick with the bug.  There are two
different informative dialogs and each occurs once per the lifetime of the
browser (actually the lifetime of the prefs.js file because that's how we keep
track of the fact that the dialog was issued).  One dialog tells about
remembering usernames and password ("For your convenience ...") and the second
about saving information on forms ("You can save ...").  Cathy reported that she
got the "For your convenience..." dialog when submitting a non-password form.
If that really happened, it is a bug.  She should have gotten the "You can
save..." dialog.

Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → WORKSFORME

Since I'm seeing that this is working for me, and since nobody has posted
anything to the contrary in the past few days, I'm closing this out as
works-for-me.  If I'm wrong and anybody is still seeing this symptom (namely
one-time remember-password message occurring when submitting a non-password
form), please re-open this bug report.

Sorry I haven't been able to respond here until now (I've been busy with the key
event synchronization stuff).

The day I filed this bug, I saw the two dialogs (on separate page loads).  I got
the "You can save..." dialog after the first page load.  I got the "For your
convenience..." dialog on the second page load when I submitted the bugzilla
query (a non-password form).

I do think I saw a bug; I'll try to reproduce.

Marking Verified as WorksForMe per above comments.  Old bug, have not seen
on this week's build.  Please reopen bug if this happens again.  Thanks!

Status: RESOLVED → VERIFIED
Product: Browser → Seamonkey