Closed Bug 227880 Opened 21 years ago Closed 15 years ago

password autocomplete information

Categories

(Toolkit :: Password Manager, enhancement)

Product:
Toolkit
Component:
Password Manager
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: stefan.mayrhofer, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.5) Gecko/20031122 Firebird/0.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.5) Gecko/20031122 Firebird/0.7

I'd like to see an enhancement which shows an information that the current
password form was automatically filled in by the password manager and not by the
web page itself (althougt I can't imagine why a page would do this), because I
don't like guessing about that ;D.

That could simply be managed by a tiny icon in the bottom left corner, like
pop-up blocker does. One click on it would directly bring you to the entry in
the "Password Manager" window.

What do you think about?

Reproducible: Always

Steps to Reproduce:
Confirming for dev review.

Brian: this looks like an interesting idea. It shouldn't be too hard to
implement I wouldn't think.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.0?
I would like to get this ... but it's not going to happen before 1.0.
Flags: blocking1.0? → blocking1.0-
i recently saw an information toolbar in newer versions of firefox. maybe the
password autocomplete information should be printed there because it seems to
get more attention by the user than a tiny icon. a button on the right side of
the toolbar could directly open the password manager and highlight the
appropriate entry.
Perhaps this should go in a separate bug, but on a related note, I would find it
nice to be able to override autocomplete="off" for certain sites.

This could be implemented via this RFE; when Firefox detects an autocomplete=off
form, a status bar icon is displayed and when the user clicks on it, a dialog
appears where the user can add the site (or the page URL) to a list of "always
autocomplete" URLs.

Some websites frequently used on public terminals use this features to prevent
passwords from being inadvertently stored in the public terminal's password
store. When using my personal web browser, autocomplete=off in this situation is
simply an annoying misfeature.
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
Assignee: bryner → nobody
Version: unspecified → Trunk
I don't see how this would really be useful... Adding an to indicate that the password manager filled in the login seems like confusing UI clutter, and it doesn't serve a purpose beyond "I'd kind of like to know."

Comment #4 is an unrelated issue to this bug.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
Product: Firefox → Toolkit
I still think that this would be useful for at least three reasons.

I) A fishing web page could enter the password form by itself to make an illusion of a working password auto complete and therefore making an illusion of a known web site. Showing the information toolbar makes sure this site is known to the browser and filling in the password is intended.

II) The user gets an information why the password form is already filled out. e.g. the user does not know about the feature and another one (sharing the browser profile) saved a login previously.

III) If the feature is known but saving the password was unintended or is no-longer wanted. this information toolbar would include a button to the right for opening the password manager and automatically highlighting the corresponding entry, so that two clicks are enought to clear it.

I reopened the bug because I think 2009 could bring a new view on this.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
(In reply to comment #7)

> I) A fishing web page could ...

No one is going to notice the (lack) of a subtle indicator. And phishing pages are unfortunately already effective without spoofing autocomplete functionality.

> II) The user gets an information why the password form is already filled out.

I've not seen any evidence this confuses users, and as I noted in comment 6 adding more UI clutter leads to confusion.

> III) If the feature is known but saving the password was unintended or is
> no-longer wanted.

Other bugs have proposed similar UI, and have also been WONTFIXed. Nothing new here.

This kind of functionality is solidly in extension territory.
Status: REOPENED → RESOLVED
Closed: 17 years ago15 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.