Open Bug 348941 (separate-page-username-password) Opened 18 years ago Updated 2 years ago

Provide Capability to Handle Logins with User ID and Password on Separate Pages

Categories

(Toolkit :: Password Manager, defect, P3)

defect

Tracking

()

People

(Reporter: david, Unassigned)

References

(Depends on 1 open bug, Blocks 9 open bugs)

Details

(Whiteboard: [blocked] [passwords:heuristics])

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060729 SeaMonkey/1.0.4 Mnenhy/0.7.4.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060729 SeaMonkey/1.0.4 Mnenhy/0.7.4.0 More and more financial institutions (including Bank of America and Vanguard Mutual Funds) are upgrading their Web sites so that logging-in to my account involves having my user ID on one Web page and my password on another. Vanguard calls this a split login. This is making the current Password Manager useless. For both Firefox and SeaMonkey, the Password Manager should be also upgraded to handle the upgraded, split logins. Reproducible: Always
OS: Windows XP → All
Hardware: PC → All
I thought financial institutions already disabled the password manager? At any rate, Firefox's password manager already has support for password only logins.
Product: Firefox → Mozilla Application Suite
Assignee: nobody → dveditz
QA Contact: password.manager
Assignee: dveditz → nobody
My query is for how the log in overrides usage on concurrent MySpace pages... not sure if this would apply in this specific bug search - but it was the only one that looked very similar to our issue at hand. When my wife logs in to her MySpace account with the stored password feature, and then I open a new Firefox window and log in with my info (stored as well), if and when either one of us then opens a new tab or window subsequent to the originals - the open window then becomes the "property" so to speak of whomever was the first one to log in...... Example: We play Game Applications on MySpace - namely Heroes and Mobster, so we usually have open one main profile page (home page) for updating info at MySpace, and then two more individual pages with each game operating on their own respective pages, and use the tabs to play different aspects of the games on the tabs. Now, if my wife was the first one to open a Firefox window and set up her gaming, once I log in and get my three windows opened up to play - here is the tricky part: When I open a new tabbed window on the game level - it automatically opens under her named pages instead - but only when they are tabbed open (or by default of the game itself - will open in a new tab based on links programmed into the games). If I am the first to open up and set up - then of course the reverse happens - every time she opens a tabbed extension - it becomes my screens instead. As long as either one of us stays on the specific "main" windowed page we logged in under - then there are no issues... As this all stand s right now - I am unfortunately forced to open my set of gaming applications under IE, and really lose the speed and functionality of Firefox that we originally downloaded to our system to take advantage of...... In other words - IE runs so slowly now that I am continually getting my ass handed to me by other gamers while playing (waiting for refresh screens to open) - while my wife breezes thru attack after attack and just keeps advancing.... Thanks, Doug VerSteegh
Component: Passwords & Permissions → Password Manager
Product: SeaMonkey → Toolkit
QA Contact: password.manager
Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20110511 SeaMonkey/2.1 For a long time now, this was not a problem. I know for sure this was not a problem with SeaMonkey 2.0.14 as recently as 6 May 2011. However, this problem re-appeared with SeaMonkey 2.1RC1. Given that a prior version of Password Manager was indeed working as requested in this bug report but the current version is not working that way now, I consider this a regression bug and not an RFE. Changing the Importance from "enhancement".
Severity: enhancement → normal
Note: When I go to a Web site that uses a "split login" and I have previously (under SM 2.0.14 or an earlier version) saved the password, I get a request for my master password on the page where a password is to be entered. I input the master password into the dialogue popup, but the login password is NOT inserted in the input area.
This problem appears to be restricted to the following situation, all of the following required for failure: * The Web site uses a split login. * The site blocks the saving of passwords. * Password Manager already had saved the necessary login password before such saving was blocked. In this situation, Password Manager recognizes that the necessary login password has been saved, so it requests the Master Password. Something after that point is broken when Password Manager recognizes that the Web site blocks the saving of passwords.
(In reply to comment #3) > Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20110511 SeaMonkey/2.1 > > For a long time now, this was not a problem. I know for sure this was not a > problem with SeaMonkey 2.0.14 as recently as 6 May 2011. However, this > problem re-appeared with SeaMonkey 2.1RC1. > > Given that a prior version of Password Manager was indeed working as > requested in this bug report but the current version is not working that way > now, I consider this a regression bug and not an RFE. Changing the > Importance from "enhancement". I currently have SM 1.1.19, 2.0.14 and 2.1rc1. 1.1.19 works including split log-in. The latter two do not.
(In reply to comment #1) > I thought financial institutions already disabled the password manager? You know, there are various ways to enable it, even just one time to remember the login details. > At any rate, Firefox's password manager already has support for password > only logins. It doesn't seem to support initializing the field of an username only page even when there's username and corresponding username field remembered for the given origin/host.
One problem with the current design is that, with user IDs and passwords on separate Web pages, only one password can be applied to multiple login accounts. There is no way to distinguish separate passwords for separate accounts. I would suggest that, when storing a password that is entered on a page without a user ID, Password Manager should request the user (in a popup dialogue) to provide an associated user ID. The user ID would not even have to match the actual user ID; it would only have to identify the password in a user-oriented manner.
To expand on my comment #8: Currently, when the user ID and password are entered on separate pages and Password Manager has stored the password, the user ID in the password database is blank. My suggested fix would involve (1) storing the user-supplied associated ID (causing an entry in the database for each ID) and (2) using the existing pull-down selection list that is a capability for multiple accounts with the user ID and password both on the same Web page. Regarding comment #1: See bug 425145 comment 35. As of today, 7,311 users have downloaded the Remember Passwords extension as a work-around for this bug.
Recipes could help with this.
See Also: → password-recipes
Depends on: password-recipes
See Also: password-recipes
Priority: -- → P1
Currently blocked by a technical and UX design, but we want to address it in Q1 2015.
Whiteboard: [blocked]
No longer depends on: password-recipes
Priority: P1 → --
Blocks: 1188093
Use case: We have two different accounts at a credit union, each with a different user ID. The credit union's Web site uses a split login. The page where a password is input always has the same URI, no matter what user ID was previously input. If I try to setup separate passwords, Password Manager replaces the first input password with the second input password. Thus, I cannot setup two passwords relative to the URI of the input-password Web page. Even if I could input two passwords for the same input-password Web page, Password Manager would not given me the ability to distinguish them. Thus, I must use the same password for two different accounts at the same credit union. This creates a risk of a security vulnerability since good security indicates I should have a distinct password for each account.
Priority: -- → P3
Whiteboard: [blocked] → [blocked] [passwords:heuristics]
Depends on: 1194353
Depends on: 1531164
See Also: → 1584185
Blocks: 1608203
Blocks: 1616586
Blocks: 1616557
See Also: → 1625402
Blocks: 1607324
Blocks: 1630267
Blocks: 1641964
Depends on: 1662192
Alias: separate-page-username-password
Blocks: 1662447
Blocks: 1690809
Blocks: 1691671
Blocks: 1691745
Blocks: 1692167

QA Note: verify manomano.fr as well, Issue description: the email si captured but not filled in the username field from the panel (placed in dropdown).

Depends on: 1708455
No longer blocks: 1616586
Blocks: 1616586
Blocks: 1662192
No longer depends on: 1662192
Depends on: 1779894
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.