Open Bug 1761039 Opened 2 years ago Updated 5 months ago

deutsche-bank.de user login not correctly saved

Categories

(Toolkit :: Password Manager: Site Compatibility, defect, P2)

defect

Tracking

()

People

(Reporter: aryx, Unassigned)

References

()

Details

The prompt to store login data for Deutsche Bank (one of Germany's biggest banks) only suggests to store one part of the 3 part user name.

Steps to reproduce:

  1. Open https://www.deutsche-bank.de/pk.html
  2. Click onto "Online-Banking" (top right).
  3. Fill in credentials: 3 digits, 7 digits, 2 digits; 5 characters as password and submit.

Actual result: Prompt to store password suggests to use the 2 digits as user name (or lets one pick the 3 digits or 7 digits as user name).

Expected result: All 3 parts are needed as user name.

Severity: -- → S3
Priority: -- → P2

There is an existing workaround here - users can add https://www.deutsche-bank.de to the "exceptions" list in about:preferences#privacy under "Logins and Passwords". That is probably not a reasonable resolution here though - how would a user know to do that? And if the site gets redesigned, they would need to know to remove it.

Allowing for compound "usernames" as the credential identity isn't unreasonable, and it is something we come across occasionally where identity is, say, an account number + username. But supporting this case in the password manager would need considerable thought and effort. I think in the shorter term, the best case here would be to find a way to avoid handling this login form at all - as both capturing and filling will result in incomplete and confusing results.

You need to log in before you can comment on or make changes to this bug.