Update new password heuristics model
Categories
(Toolkit :: Password Manager, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox90 | --- | verified |
People
(Reporter: dimi, Assigned: dimi)
References
(Regressed 1 open bug)
Details
Attachments
(2 files)
Bug 1595244 introduced a machine learning model using Fathom to improve detection of new password fields for password generation (v1). The last time we updated this model was in Bug 1638187 (15 May 2020)
It's time to collect those false-positive and false-negative cases discovered since then to improve the accuracy of the model.
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
The improvements include:
-
Add three french keywords
- Add Créer to newStringRegex
- Add S'inscrire to registerStringRegex
- Add Créer un compte to registerStringRegex
-
Add a formHasMultipleVisibleInput signal.
This rule returns true when there is more than 3 visible input in a form.
Since the idea in the signal is that a registration page often has multiple inputs.
This rule only selects inputs whose type is either email, password, text, tel or empty,
which are more likely a input field for users to fill their information. -
Support formless password field in formHasMultipleVisibleInput signal.
For password fields don't have an associated form, signals that require a form always return false.
This patch adds an additional heuristic in formHasMultipleVisibleInput signal to support formless
password field. The heuristic works as follow:- Locate the closest preceding input with selector
"input[type=email],input[type=text],,input[type=tel],input[type=password]". - Find the lowest common ancestor of the password field and the input field found in step1
- Use the common ancestor as the "form" element, apply
formHasMultipleVisibleInput
signal
- Locate the closest preceding input with selector
Assignee | ||
Comment 2•3 years ago
•
|
||
Update the result, Precision doesn't have significant difference and Recall is up around 5%
Before:
Training precision : 1.0000 Recall: 0.8964
Validation precision: 0.9905 Recall: 0.8125
Testing precision : 0.9926 Recall: 0.8933
After:
Training precision : 1.0000 Recall: 0.9321
Validation precision: 1.0000 Recall: 0.8828
Testing precision : 0.9862 Recall: 0.9533
Pushed by dlee@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6d1e9ad2dd1d Update NewPasswordModel.jsm to 78d4bf8. r=sfoster,tgiles
Comment 4•3 years ago
|
||
Backed out for causing failures at test_isProbablyANewPasswordField.js.
Backout link: https://hg.mozilla.org/integration/autoland/rev/5672c4f15bd77ce43f10dba2a1de280a2d63e1c0
Failure log: https://treeherder.mozilla.org/logviewer?job_id=336886276&repo=autoland&lineNumber=2268
Assignee | ||
Comment 5•3 years ago
•
|
||
okay, there are two problems:
- isVisible in fathom throws exception in xpcsehll-test because the element doesn't have a window
isProbablyANewPassword
returns false for "confirmed password" in password change form (score is 0.73, slight lower than the current threshold holder 0.75). I'll check if that also happens in other password change forms in our samples.
Assignee | ||
Comment 6•3 years ago
|
||
While doing more test, I found out that there is a drawback on the new signal added. The drawback is that it doesn’t work well for password-change forms that have multiple input fields, for example, a password-change form has "current", "new" and "confirm" password fields.
I'll work on the problem and include the fix in this patch.
Updated•3 years ago
|
Updated•3 years ago
|
Updated•3 years ago
|
Updated•3 years ago
|
Pushed by dlee@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2a23cc886289 P1. Update NewPasswordModel.jsm to 55407b0. r=sfoster,tgiles https://hg.mozilla.org/integration/autoland/rev/1b690d7067c3 P2. Fix testcase failures after updating NewPasswordModel r=sfoster,tgiles
Comment 9•3 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2a23cc886289
https://hg.mozilla.org/mozilla-central/rev/1b690d7067c3
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Comment 10•3 years ago
|
||
Confirming this as verified-fixed after checking and closing all the issues from dependencies. Several other generated password site requirements issues were also raised in the process and mentioned in comments where needed.
The only remaining issue that seems like it is not fixed is Bug 1674499, a comment and NI? was left for that bug as well.
Comment 11•3 years ago
|
||
the change in https://hg.mozilla.org/mozilla-central/rev/2a23cc886289 might cause regressions in some Japanese and Chinese forms as they somehow started include ">" characters before/inside keywords.
(reported as https://bugzilla.mozilla.org/show_bug.cgi?id=1714776 , in case if missed)
Description
•