Open Bug 1623431 Opened 4 years ago Updated 2 years ago

Don't autofill in password fields our heuristics identify as new-password fields

Categories

(Toolkit :: Password Manager, enhancement, P3)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement

Tracking

()

Tracking Flags:
Tracking Status
firefox-esr68 --- wontfix
firefox74 --- wontfix
firefox75 --- wontfix
firefox76 --- wontfix

People

(Reporter: MattN, Unassigned)

References

Details

(Whiteboard: [passwords:fill-ui] [passwords:generation])

In bug 1119063 we stopped autofilling in autocomplete=new-password and in bug 1595244 we will start using other heuristics to determine if a field expects a new password, rather than a saved one but bug 1595244 won't stop us from autofilling a saved password into a field expecting a new one. This is partly because we are trying to use Fathom for that bug and there are performance concerns about using Fathom on page load but also to reduce the scope of that work. That means that currently we may autofill a saved login into a field that we will offer password generation on once the field is cleared by the user. The user can always force password generation without clearing the field using the context menu.

If we can get Fathom performance acceptable on page load then we can stop autofilling existing logins in these fields.

Flags: qe-verify+
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.