ad hoc secure password generator with levels of complexity
Categories
(Toolkit :: Password Manager, enhancement)
Tracking
()
People
(Reporter: bill.moss, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
I wanted a secure password for future use. I had to go to a site and pretend I was signing-up for an account to get a secure password suggestion.
I'm not sure how Firefox knows what the password requirement parameters for a particular site are, but I imagine this might be relevant to my enhancement request.
How does that work anyway? Is it something in the HTML, a central list like HSTS preload, or what?
Actual results:
In order to receive a secure password I had to pretend I was signing-up for an account. It would be nice to have this functionality available, perhaps with complexity selectors, ad hoc in the settings > passwords area.
Expected results:
I might have wanted to choose a pretty secure password, a memorably secure password, or something very complex and nearly impossible to crack.
OS X I believe at one point had a utility called Password Assistant that did something like this. It would be cool to have this in the settings > passwords area.
Or if this doesn't fit with Firefox's aim, maybe it could be accessible via a lower level about:config type area.
|
||
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Disability Access APIs' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
|
||
Updated•3 years ago
|
|
||
Comment 2•3 years ago
|
||
Hi Bill, thanks for filing this. This sounds like multiple bugs we have on file so I'll go ahead and list them out for future context.
- Bug 1559986 - Add special characters/symbols to generated passwords
- Bug 1650312 - User adjustable length and range of generated secure password
- Bug 1606578 - "Create New Login" (about:logins) does not have a way to generate a password
- Bug 1570215 - Add more (configurable) character classes to password generator
It sounds like one of the major concerns is that there is no easy way to generate a password outside of a password input field. I would assume landing a patch for Bug 1606578 would help in this ease of use of generating a password on the fly.
I'm not sure how Firefox knows what the password requirement parameters for a particular site are, but I imagine this might be relevant to my enhancement request.
How does that work anyway? Is it something in the HTML, a central list like HSTS preload, or what?
Currently, we use a "password-rules" data set that has been open sourced by Apple to help determine password generation requirements for various sites. If the site you were signing up for is not in this list, then we would generate a password using our standard rules.
It would be nice to have this functionality available, perhaps with complexity selectors, ad hoc in the settings > passwords area.
See both Bug 1650312 and Bug 1570215. There are still open UI and UX questions for what a rules selector would look like, where it should and shouldn't appear, does it integrate into the existing context menu, should it appear in the autocomplete dropdown when we generate a password.
Adding a NI to create a meta bug that keeps track of issues like this, adding a feature to add user facing customization to generated passwords.
|
|
||
Comment 3•3 years ago
|
||
Actually I'm not going to create a new meta for this and instead will use Bug 376674 (since some of the previously mentioned bugs are already related to this meta).
|
|
||
Comment 4•3 years ago
|
||
Marking as a dupe of Bug 376674 since we have all the relevant information we need on this bug (and the meta).
Description
•