Closed Bug 1652464 Opened 4 years ago Closed 4 years ago

www.cnet.com does not accept auto generated password

Categories

(Toolkit :: Password Manager: Site Compatibility, defect)

78 Branch

RESOLVED DUPLICATE of bug 1198363

People

(Reporter: ard1947, Unassigned)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

Went to site https://www.cnet.com and clicked Join/login.
Filled in the required email address, and clicked continue. Firefox attempted to use an autogenerated password, but this did not seem to work.

Actual results:

The "continue" button did not seem to work, but coming out of the form/screen, I DID see the password door-hanger, and accepted it. I used Chrome to test this, and I saw MORE details on what is required (at least 8 characters, mixed case and with numbers and at LEAST ONE SPECIAL CHARACTER).

Expected results:

The password manager Lockwise should create special characters (either automatically or as required by site code checks), so that user logins are successful. There may be more sites that require this sort of thing. However, CNET have some sort of programmed front-end that does not make the requirements obvious, and this information seems to be blocked out on the Firefox display of it.

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Password Manager: Site Compatibility
Product: Firefox → Toolkit

Hey Tony,

We've considered a few different approaches to solving this problem, but there are a couple of pitfalls. A fair number of websites also disallow special characters in passwords, and it's easier to add one to a generated password than to remove one, so for now we've landed on this solution. See bug 1559986.

The other problem here is that the password requirements are only showing up on certain key events. We have a bug open where we've discussed emitting those to avoid this issue (bug 1198363), but it comes with its own set of trade-offs.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
See Also: → 1559986

Hello, I understand that this is a complex issue, and it seems that a lot of sites require special characters. Just to re-iterate the extra issue with this particular site: the requirement "box ticks" in that site's account creation screen, that show password requirements, are NOT visible using Firefox, but ARE visible using Chrome, which is what I had to switch to, so I could understand what was going on. I am not sure if the display difference is caused by the FF password manager, or another issue. If you think this should be reported as a separate bug, please advise.

Sorry, I realize my comment wasn't totally clear. The site in question is using a non-standard practice to change the visibility of the password requirements, doing so when you press a key (you can verify this by generating a password in Firefox then, while the input is focused, tapping any key). A fair number of sites make this mistake, so Chrome dispatches fake 'key up' events when it fills a password in order to compensate. We consider taking a similar approach in bug 1198363, but haven't yet made a final decision.
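
The behaviour described in the comment above, as an added example that is not part of the original thread or of any Firefox or CNET code: a requirements checklist bound only to `keyup` never appears after a scripted fill, while one bound to `input`/`change` does. `FakeInput`, `attachChecklist`, `simulateFill` and the sample password are hypothetical, and the fill is assumed to dispatch `input` and `change` but no key events.

```javascript
// Constructed stand-in for a password <input>; Node's built-in EventTarget
// lets this run outside a browser. All names here are hypothetical.
class FakeInput extends EventTarget {
  constructor() { super(); this.value = ""; }
}

// The rules the reporter saw listed in Chrome for this site.
function unmetRequirements(pw) {
  const rules = [
    ["at least 8 characters", pw.length >= 8],
    ["lower-case letter", /[a-z]/.test(pw)],
    ["upper-case letter", /[A-Z]/.test(pw)],
    ["number", /[0-9]/.test(pw)],
    ["special character", /[^A-Za-z0-9]/.test(pw)],
  ];
  return rules.filter(([, ok]) => !ok).map(([name]) => name);
}

// Attach a requirements checklist that refreshes on the given event types.
function attachChecklist(input, eventTypes) {
  const state = { visible: false, unmet: [] };
  const refresh = () => {
    state.visible = true;
    state.unmet = unmetRequirements(input.value);
  };
  for (const type of eventTypes) input.addEventListener(type, refresh);
  return state;
}

// Assumed fill behaviour: value set by script, then "input" and "change"
// dispatched, with no key events.
function simulateFill(input, password) {
  input.value = password;
  input.dispatchEvent(new Event("input"));
  input.dispatchEvent(new Event("change"));
}

function demo() {
  const generated = "hYq7TzkP2mWc9Rb"; // constructed sample, no special character
  const keyOnly = new FakeInput();
  const keyState = attachChecklist(keyOnly, ["keyup"]);
  const inputBased = new FakeInput();
  const inputState = attachChecklist(inputBased, ["input", "change"]);
  simulateFill(keyOnly, generated);
  simulateFill(inputBased, generated);
  return { keyState, inputState };
}
```
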
