Open Bug 1806074 Opened 1 year ago Updated 4 months ago

protect auto-fill data using a password

Categories

(Toolkit :: Form Autofill, enhancement, P3)

Firefox 102
Unspecified
Linux
enhancement

Tracking

()

UNCONFIRMED

People

(Reporter: u20230201, Unassigned, NeedInfo)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0

Steps to reproduce:

After restarting Firefox (updated to 102.6.0) I filled in a form, and auto-fill data was suggested.

Actual results:

Auto-fill data was suggested, even though I hadn't entered the master password that protects passwords. My expectation was that any personal data were protected with the master password.

Expected results:

As such auto-fill data can be sensitive, too, I'd like to see the possibility to protect such data with a password, too.

The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit

This is unlikely to make it as most users would be annoyed if this feature was introduced, so this suggestion is invalid

I wonder about three things:

  1. Is the annoyance to enter the master password once after starting Firefox?
  2. Will users being annoyed use a master password to protect their private data at all?
  3. Don't user's care about their private data? (I'll consider address and phone number as "private data", for example)

(In reply to Ulrich Windl from comment #3)

I wonder about three things:

  1. Is the annoyance to enter the master password once after starting Firefox?
  2. Will users being annoyed use a master password to protect their private data at all?
  3. Don't user's care about their private data? (I'll consider address and phone number as "private data", for example)

I suppose it might make it if it was introduced as an optional feature that people could turn on manually, However this would be a very expensive and difficult feature to make

Component: Password Manager → Form Autofill
OS: Unspecified → Linux

Primary Password is an opt-in feature, so only users who wants it will be using it.
Can you provide a screenshot (with fake or blurred username please) of when this didn't work as you expected? Did it have yellow background (autofilled by browser) or it was prefilled by web site itself? Was it username/password or credit card or address or general form history?

Flags: needinfo?(Ulrich.Windl)

AFAIR it was general form history. Also some pages seem to be deliberately designed in a way that the password manager does not work, so any "general" form field could be confidential.

Flags: needinfo?(Ulrich.Windl)
Severity: -- → N/A
Flags: needinfo?(sgalich)
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.