Don't default to the save password button in dialogue

VERIFIED WONTFIX

Status

VERIFIED WONTFIX
11 years ago
11 years ago

People

(Reporter: markus.magnuson, Unassigned)

Tracking

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; sv; rv:1.8.1.4) Gecko/20070501 Camino/1.5
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; sv; rv:1.8.1.4) Gecko/20070501 Camino/1.5

When I am asked if I want to update a saved Keychain password, after submitting a form, the default option is to update the password. This makes it very easy to update the password by mistake. The default button should be to keep the old password.

Reproducible: Always

Updated

11 years ago
Assignee: dveditz → nobody
Component: Security → OS Integration
QA Contact: camino → os.integration

Comment 1

11 years ago
The default should be the action that is most commonly the correct action. What's the argument that people would want to keep an old password, which presumably doesn't work anymore, rather than the updated password?

(If this is specifically about logging in with a completely different account, then it's a WONTFIX in favor of adding the ability to store multiple accounts per site, which is already filed)
Markus, can you respond to Stuart's comment?

I tend to think this is a WONTFIX, too; the only reason right now I don't want to update a changed password is bug 178607.
(Reporter)

Comment 3

11 years ago
Hmm, I haven't seen bug 178607 before, it seems like that one would fix most of the cases of accidentally saving a new password (e.g. multiple users/accounts in one browser session.)

Comment 4

11 years ago
Closing WONTFIX then.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WONTFIX

Comment 5

11 years ago
This bug came out of a discussion with Markus, so I'll just clarify. If you find this case valid, I can file a new bug about it.

As far as I can see, bug 178607 is only relevant if you access foo.bar.com and it will ask you to update the previously saved password for baz.bar.com (even though the subdomain is different).

This bug as I understand it, was about another situation:

1. I use Markus computer to log into facebook
2. Camino asks if I want to update the previously saved password (which is Markus' password). Of course I don't want to, because that would add my password to his keychain!

I've noticed many friends save their passwords in my keychain because of this usability bug. 

I think the wording can be easily improved in the dialog that asks if you want to save the password. For example, I think the confirm button should be something like "Save this password" (it's something less clear right now).

But the real question is: why does Camino ask to save the password even if our login names are different in the form? (Is this what the bug you're referring to is really about?)

Comment 6

11 years ago
Stuart, Smokey: see comment 5

Comment 7

11 years ago
(In reply to comment #5)
> 2. Camino asks if I want to update the previously saved password (which is
> Markus' password).

It won't once bug 178607 is fixed, because the username doesn't match. Your characterization of bug 178607 is not correct.
You need to log in before you can comment on or make changes to this bug.