Closed Bug 1692980 Opened 4 years ago Closed 3 years ago

Update new password heuristics model

Categories

(Toolkit :: Password Manager, enhancement, P2)

enhancement

Tracking

()

VERIFIED FIXED
90 Branch
Tracking Status
firefox90 --- verified

People

(Reporter: dimi, Assigned: dimi)

References

(Regressed 1 open bug)

Details

Attachments

(2 files)

Bug 1595244 introduced a machine learning model using Fathom to improve detection of new password fields for password generation (v1). The last time we updated this model was in Bug 1638187 (15 May 2020)

It's time to collect those false-positive and false-negative cases discovered since then to improve the accuracy of the model.

Blocks: 1691441
Blocks: 1691444
Blocks: 1691903
Blocks: 1692172
Blocks: 1692182
Blocks: 1692198
Blocks: 1692163
Blocks: 1691003
Severity: normal → N/A

The improvements include:

  • Add three french keywords

    • Add Créer to newStringRegex
    • Add S'inscrire to registerStringRegex
    • Add Créer un compte to registerStringRegex
  • Add a formHasMultipleVisibleInput signal.
    This rule returns true when there is more than 3 visible input in a form.
    Since the idea in the signal is that a registration page often has multiple inputs.
    This rule only selects inputs whose type is either email, password, text, tel or empty,
    which are more likely a input field for users to fill their information.

  • Support formless password field in formHasMultipleVisibleInput signal.
    For password fields don't have an associated form, signals that require a form always return false.
    This patch adds an additional heuristic in formHasMultipleVisibleInput signal to support formless
    password field. The heuristic works as follow:

    1. Locate the closest preceding input with selector
      "input[type=email],input[type=text],,input[type=tel],input[type=password]".
    2. Find the lowest common ancestor of the password field and the input field found in step1
    3. Use the common ancestor as the "form" element, apply formHasMultipleVisibleInput signal

Update the result, Precision doesn't have significant difference and Recall is up around 5%

Before:
Training precision  : 1.0000   Recall: 0.8964
Validation precision: 0.9905   Recall: 0.8125
Testing precision   : 0.9926   Recall: 0.8933

After:
Training precision  : 1.0000   Recall: 0.9321
Validation precision: 1.0000   Recall: 0.8828
Testing precision   : 0.9862   Recall: 0.9533
Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6d1e9ad2dd1d
Update NewPasswordModel.jsm to 78d4bf8. r=sfoster,tgiles
Depends on: 1674499

okay, there are two problems:

  1. isVisible in fathom throws exception in xpcsehll-test because the element doesn't have a window
  2. isProbablyANewPassword returns false for "confirmed password" in password change form (score is 0.73, slight lower than the current threshold holder 0.75). I'll check if that also happens in other password change forms in our samples.

While doing more test, I found out that there is a drawback on the new signal added. The drawback is that it doesn’t work well for password-change forms that have multiple input fields, for example, a password-change form has "current", "new" and "confirm" password fields.

I'll work on the problem and include the fix in this patch.

Flags: needinfo?(dlee)
Attachment #9215608 - Attachment description: Bug 1692980 - Update NewPasswordModel.jsm to 78d4bf8. r=sfoster → Bug 1692980 - P1. Update NewPasswordModel.jsm to 78d4bf8. r=sfoster

Depends on D111926

Blocks: 1693131
Blocks: 1629904
Attachment #9215608 - Attachment description: Bug 1692980 - P1. Update NewPasswordModel.jsm to 78d4bf8. r=sfoster → Bug 1692980 - P1. Update NewPasswordModel.jsm to 55407b0. r=sfoster
Attachment #9223317 - Attachment description: WIP: Bug 1692980 - P2. Fix testcase failures after updating NewPasswordModel → Bug 1692980 - P2. Fix testcase failures after updating NewPasswordModel
Attachment #9223317 - Attachment description: Bug 1692980 - P2. Fix testcase failures after updating NewPasswordModel → Bug 1692980 - P2. Fix testcase failures after updating NewPasswordModel r=sfoster
Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2a23cc886289
P1. Update NewPasswordModel.jsm to 55407b0. r=sfoster,tgiles
https://hg.mozilla.org/integration/autoland/rev/1b690d7067c3
P2. Fix testcase failures after updating NewPasswordModel r=sfoster,tgiles
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch
No longer blocks: 1691903, 1692163
Flags: qe-verify+

Confirming this as verified-fixed after checking and closing all the issues from dependencies. Several other generated password site requirements issues were also raised in the process and mentioned in comments where needed.
The only remaining issue that seems like it is not fixed is Bug 1674499, a comment and NI? was left for that bug as well.

Status: RESOLVED → VERIFIED
Flags: qe-verify+

the change in https://hg.mozilla.org/mozilla-central/rev/2a23cc886289 might cause regressions in some Japanese and Chinese forms as they somehow started include ">" characters before/inside keywords.

(reported as https://bugzilla.mozilla.org/show_bug.cgi?id=1714776 , in case if missed)

Regressions: 1714776
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: