RFE: allow overriding autocomplete=off using the context menu




Password Manager
12 years ago
7 years ago


(Reporter: Aleksey Nogin, Unassigned)


Firefox Tracking Flags

(Not tracked)




12 years ago
There was a somewhat legthy discussion in bug 245333 on whether adding an ability to ignore autocomplete=off would be approriate. On one hand, users want the option to ignore it, but on the other hand financial institution may refuse to let a browser access their systems if they view it as "too insecure".

As far as I understand (after reading bug 245333 and bugs 63961), the main concerns of the financial institutions are:
(I) What if a user saves his login information w/o realizing how insecure his computer is?
(II) What if a malicios user turns on the "autocomplete=off override" and thus tricks a legitimate user into having his password saved on the system?

I would like to propose a solution that seems like it could be a reasonable compromize. Namely, allow the autocomplete=off passwords to be remembered when _all_ of the following holds:

1) A hidden pref is turned on.
2) (Optional) When password manager is in "encrypt" mode
3) When user right-clicks on the password field and explicitly requests an override for this _specific_ site (a new override should be required every time the password is changed).
4) (Optional) After user confirms that [s]he is sure (may be even by typing "yes" into a text field, as opposed to simply clicking on "OK") in a dialog that warns about potential consequences.

The idea here is that:
1) The hidden pref would make this unavailable to inexperienced users, who might not realize how insecure their computer is (and since the experienced users will probably find a way to override the autocomplete=off anyway, worrying about their computers still being insecure is not such a big issue).
2) Limiting this feature to "encrypt" mode only would limit somewhat the potential for the data to be compromized.
3) Requiring the explicit per-site override would make sure that the users actually intend to do it, as opposed to being "tricked" into it by somebody else maliciously enabling the hidden pref.
4) The dialog might be an overkill, but presonally, I do not really care how much hoops I have to jump throught in order to enable the autocomplete, as long a I only need to do it once (per site). So if people feel that such dialog is needed in order to make this feature acceptable, I'd be happy to live with it. Forcing the user to type "yes" instead of clicking the button is IMHO an annoying, but efficient way of making sure the user actually reads the message.

P.S. I would really appreciate it if those who have WONTFIX'ed bug 245333 would think about this and not dismiss it right away.
I'm not sure I really understand the desire to have a hidden pref that makes people jump through hoops to override autocomplete=off when people who want to do this can already do it with a simple bookmarklet or extension. Using a bookmarklet is much simpler than using the functionality you propose (typing "YES", etc).

Comment 2

12 years ago
Bookmarketles and extensions are not native. They do not function with all websites. And it's relying on a 3rd party's development work.

As long as the Mozilla Foundation makes the mistake of believing that the Financial Industry understands IT security, this is a loss cause.
The impossibility of making this feature "native" is precisely the reason that bug 245333 was wontfixed. It's a trivial workaround for those who want to get around it.

Comment 4

12 years ago
I think allowing users to override autocomplete=off using the context menu is a good idea.  I don't know whether it would cause financial institutions to blackmail us again, though.
Summary: RFE: allow a *limited* way of overriding autocomplete=off → RFE: allow overriding autocomplete=off using the context menu

Comment 5

11 years ago
I actually think that Aleksey's suggestion is briliant. It addresses all of the possible security concerns: it is a hidden preference, that is enabled on a per-site basis, and requiring that the information be encrypted. I'd really like to see this implemented.

Comment 6

11 years ago
See also bug 333080 which suggest a on-time dialog (I think Aleksey's suggestion is better, either as a context menu of dialog, but at least not enabled by default).
I think a context menu for "No, Really, Please Work Like I'm Expecting" just isn't a good idea. It also doesn't work well -- the "fill in passwords" code has probably already run before you can bring up the menu at page load, and the "can this password be saved" code runs after Submit has already been clicked. Ugh. I don't think we're in a good state with autocomplete yet, but this isn't the answer.
Last Resolved: 10 years ago
Resolution: --- → WONTFIX

Comment 8

10 years ago
Note that you can bypass autocomplete=off with the method I describe here:

Comment 9

10 years ago
I cannot agree on a WONTFIX resolution, since there are already, at a minimum, two workarounds (i.e. the one proposed by comment 8 and a "Remember Password" bookmarklet than can be readily found by googling a bit) that do what the users need.

I agree that it does trade security for convenience, but until financial insitutions clean up their acts and start investing in security (instead of burdening their customers) things like this are just going to happen.


10 years ago
Product: Firefox → Toolkit


7 years ago
You need to log in before you can comment on or make changes to this bug.