Closed Bug 1968517 Opened 5 months ago Closed 4 months ago

Firefox Password Generator suggests the same password repeatedly for multiple users

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
Firefox 138
Platform:
x86_64
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1925073

People

(Reporter: posta.spam, Unassigned)

References

(Depends on 1 open bug)

Details

Attachments

(2 files)

test-password.php
978 bytes, application/x-php
Details
The video shows that Firefox suggests the same password to me
150.95 KB, image/gif
Details
Attached file test-password.php

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:138.0) Gecko/20100101 Firefox/138.0

Steps to reproduce:

While using Firefox's built-in password generator to create secure passwords for new users, I noticed that the generated password is often the same across multiple registrations. Despite expecting a unique password for each user, Firefox suggests the previously generated password instead of creating a new one. This behavior persists even when registering multiple users consecutively, making it unclear whether this is an intended feature or an issue with entropy in the password generation process. To test this, I used the attached PHP script to simulate multiple user registrations and observed the repeated password issue.

  1. Used the PHP test script (provided attached) to simulate multiple user registrations.
  2. Opened the test page in Firefox (the page must be uploaded to a PHP webserver).
  3. Entered a username and clicked on the password field.
  4. Selected "Suggest a strong password..." and then "Use a securely generated password".
  5. Submitted the form.
  6. Clicked the button "Try with a new user", which reloads the form without parameters to simulate another registration.
  7. Repeated steps 3-6 multiple times with different usernames.

Actual results:

The password suggested by Firefox remains the same across multiple user registrations. It does not generate a new password each time, effectively reusing the last one generated.

Expected results:

Firefox should generate a unique, random password for each user registration instead of suggesting the same one repeatedly. It should include sufficient entropy and possibly a time-based factor to ensure uniqueness.

The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Password Manager
Product: Firefox → Toolkit
OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64

Hi,

thank you for the bug report! This is a known limitation of how we currently handle generated password persistence between page navigation. We are aware that this can be improved, and there is a meta bug for this: https://bugzilla.mozilla.org/show_bug.cgi?id=1915598

For now you can restart your Firefox if you are creating multiple passwords on the same page.

Status: UNCONFIRMED → RESOLVED
Closed: 4 months ago
Duplicate of bug: 1925073
Resolution: --- → DUPLICATE
Depends on: 1915598

Ok,
Now I follow 1915598.

Thank you.
Davide.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: