Closed Bug 1710315 Opened 4 years ago Closed 4 years ago

Firefox Password Manager is repeatedly suggesting the same password in the "generate a secure password" field in a particular website

Categories

(Firefox :: Untriaged, defect)

Firefox 88
defect

RESOLVED DUPLICATE of bug 1551723

People

(Reporter: erico.erc, Unassigned)

Attachments

(1 file)

Attached file screenshots.tar.gz

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0

Steps to reproduce:

Open a password recovery link from https://www.fastshop.com.br/

Put cursor in the first field, see "generate a secure password" suggestion.

Actual results:

The suggestion is always the same. I've opened at least 4 different links from the same website (their auth backend seems to be having some issues too) and Firefox has suggested the same password in all cases.

Expected results:

From https://support.mozilla.org/en-US/kb/how-generate-secure-password-firefox , I understand that Firefox should have generated a random password for all these attempts, but it didn't.

I would hope the password randomness isn't seeded on page content, so this is maybe some buggy caching?

I have just built 88.0.1, this is still happening (though the actual string has changed).

(In reply to erico.erc from comment #0)

> I would hope the password randomness isn't seeded on page content, so this is maybe some buggy caching?

It's not buggy; it's by design. The same origin will get the same password until you restart Firefox (or you use a different container, or use private browsing - the generated password for the same site in and outside private browsing will be different). We will also cache user modifications to the generated password. This is all because websites frequently ask you to "confirm" the password you select for a new account, or ask you to log in immediately after creating the account, and for both of these the user wants the same password. bug 1551723 tracks making this more obvious in the UI and offering a way for users to explicitly create a different password, if they create multiple accounts in a row. But for the initial implementation, not breaking the user workflow when creating a login was deemed more important than how to deal with creating multiple accounts for which the user would want different passwords (as this is considerably less common).

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
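
A minimal model of the caching behaviour described in the reply above, added here as an illustration and not taken from Firefox's source. The class, the cache key layout, the alphabet, the length and the sample URLs are all assumptions.

```javascript
// Hypothetical model of a per-origin generated-password cache (not Firefox code).
// Web Crypto CSPRNG: global in browsers and recent Node, else Node's module.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

const ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789"; // assumed
const LENGTH = 15; // assumed

function randomPassword() {
  // Rejection sampling: discard bytes that would bias the modulo step.
  const limit = 256 - (256 % ALPHABET.length);
  const byte = new Uint8Array(1);
  let out = "";
  while (out.length < LENGTH) {
    rng.getRandomValues(byte);
    if (byte[0] < limit) out += ALPHABET[byte[0] % ALPHABET.length];
  }
  return out;
}

class GeneratedPasswordCache {
  // One instance stands for one browser session; a restart is a new instance.
  constructor() {
    this.entries = new Map();
  }
  static key(url, { container = "default", privateBrowsing = false } = {}) {
    // Only the origin is kept, so path and query (a reset token) are ignored.
    return [new URL(url).origin, container, privateBrowsing].join("|");
  }
  suggest(url, ctx) {
    const k = GeneratedPasswordCache.key(url, ctx);
    if (!this.entries.has(k)) this.entries.set(k, randomPassword());
    return this.entries.get(k);
  }
  recordUserEdit(url, ctx, edited) {
    // A user-modified value replaces the generated one for that origin.
    this.entries.set(GeneratedPasswordCache.key(url, ctx), edited);
  }
}

function demo() {
  const session = new GeneratedPasswordCache();
  // Constructed sample URLs: two different reset links on one origin.
  const first = session.suggest("https://shop.example/reset?token=aaa");
  const second = session.suggest("https://shop.example/reset?token=bbb");
  const priv = session.suggest("https://shop.example/reset?token=aaa", { privateBrowsing: true });
  return { sameAcrossLinks: first === second, differsInPrivate: first !== priv };
}
```

The value is drawn from a CSPRNG once and then looked up by origin, which is why different recovery links on one site show the same suggestion without the randomness being seeded from page content.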

I see, thanks for the thorough explanation.

Would be nice to get a button for a different password, I don't think the only use case is multiple accounts.

Group: firefox-core-security