Primary Password dialog should be less aggressive
Categories
(Toolkit :: Password Manager, enhancement)
Tracking
()
People
(Reporter: site-exurb08, Unassigned)
Details
(Whiteboard: [primary-password-prompts])
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0
Steps to reproduce:
My browser (Firefox Developer 113.0b9 on macOS 11.7.7) has a Primary Password set to encrypt login passwords.
I visited a website with a login form that I did not intend to use, like old.reddit.com (which puts a login form on the side bar for signed-out users).
Actual results:
Every time I navigate through the site, I am asked to input my Primary Password.
Furthermore, the password form is overlaid on top of the website, which may make it possible for a malicious actor to create a fake Primary Password request to phish the password.
Expected results:
I should not be prompted for my Primary Password unless I interact with the form field.
The primary password should only ever be prompted for on browser startup, when visiting the internal page about:logins, or when clicking a button on a dropdown menu shown when interacting with a form labeled "Enter Primary Password" (next to the button labeled "Manage saved logins...").
When the "Enter Primary Password" button is clicked, a new internal page such as about:password should open and prompt the user for the password there to make it easier for the user to discern a legitimate password request versus a website with a fake password required dialog.
|
||
Comment 1•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
|
Reporter | |
Comment 2•2 years ago
|
||
Oh, and I'm not sure if I can edit my bug, but every now and then, the dialog will cause my browser to freeze. I haven't tested this on a clean install, though, so YMMV.
|
||
Updated•2 months ago
|
|
|
||
Updated•2 months ago
|
Description
•