Service Now doesn't work with Firefox's password manager.

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
6 years ago
17 days ago

People

(Reporter: Dolske, Assigned: jen)

Tracking

Details

(URL)

(Reporter)

Description

6 years ago
[No idea where bugs on Service Now itself get filed, halp?]

The Service Now site won't let me save my password in Firefox's password manager. Some debug logging shows that PM isn't doing anything because it's finding a autocomplete=off on the form/input. I don't see that looking in the DOM, nor is the "remember password" bookmarklet finding it. So my initial guess is that there's JS in the page that's explicitly adding this during form submission?

Updated

6 years ago
Assignee: nobody → desktop-support
Component: Other → Server Operations: Desktop Issues
Product: Websites → mozilla.org
QA Contact: tfairfield
Version: unspecified → other

Updated

6 years ago
Assignee: desktop-support → jhayashi
(Reporter)

Comment 1

6 years ago
Any update here? Is this in the right spot?
(Reporter)

Comment 2

6 years ago
(Clarifying potentially-confusing title)
Summary: Can't remember password on Service Now → Service Now doesn't work with Firefox's password manager.
(Assignee)

Comment 3

6 years ago
Hi Justin -  I'll have to log into that.
(Reporter)

Comment 4

6 years ago
I don't think I understand the last comment. Perhaps you meant "look into that"?

Updated

6 years ago
Group: infra
(Reporter)

Comment 5

6 years ago
Why is this restricted to infra?

Updated

6 years ago
Group: infra
(Assignee)

Comment 6

6 years ago
Justin -

Sorry for the delay.   It looks like this might by design.  I've opened a ticket with Service Now to confirm.
(Assignee)

Comment 7

6 years ago
Service now is looking into this.  As soon as I hear back I'll update this ticket.
(Assignee)

Comment 8

5 years ago
Justin -

Just heard back from Service Now, they said that password managers are not prompted to save the password by design.  They want you to use the "Remember Me" option and we cannot make a change to the system to change the behavior.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
So they're *actively* trying to block our password manager from functioning?  That's kind of ridiculous... Did they give you any reason why?

> They want you to use the "Remember Me" option

That's not a solution.  Password manager integration adds tons of value over a "remember me" checkbox -- e.g.:
 a) Password Managers help prevent phishing attacks. Suppose I accidentally mis-type the service-now URL and I end up at hypothetical phishing site https://mozilla.service-nw.cm. If I normally log in with my browser's password manager, then I'll immediately notice that something's wrong, because my browser won't auto-fill my password.  But if I'm used to typing in the password myself, then I won't notice that anything's wrong; I'll go ahead and type in my credentials like I always do, and I'll get owned.

 b) Browsers securely synchronize saved passwords between your machines, for a convenience win & to allow you to e.g. login from your phone without having to attempt your complex 20-character password six times before finally getting it right.  Browsers don't synchronize login cookies (from the "remember me" checkbox), because sites make assumptions about different computers having different login cookies.
(Assignee)

Comment 10

5 years ago
They are not actively trying to block our password manager, it will function the same way against all password managers.  Their product has been designed to use the "Remember Me" checkbox.  

I'll submit a request that be changed, but I can't say when or if it will be changed.  We are exploring using Personal/BrowserID for single-sign on as well.  But that is in the early phases.
Sorry, by "our password manager" I didn't mean specifically Firefox's -- I was more clarifying that they're intentionally attempting to thwart password managers, rather than incidentally doing so as a side-effect of something else. And I think that's silly, as I said above.  "Remember Me" checkboxes are nice, but they're not a legitimate justification for turning off the password manager.

> it will function the same way against all password managers.

(For the record, it doesn't actually function against Opera's password manager -- apparently Opera doesn't treat "autofill" in the same way that we do. Though note that in Opera's case, you have to hit a button (a "key" icon) to make the browser fill in your username and password, so they don't auto-fill in the same way that we do.)
> I'll submit a request that be changed, but I can't say when or if it will be
> changed.

(Thanks!)

> We are exploring using Personal/BrowserID for single-sign on as
> well.  But that is in the early phases.

Ooh, very cool. Looking forward to that. :)

(Ironically, Persona actually *also* has some issues with password manager integration :) -- see bug 759452 -- but that's not intentional, and there are workarounds to make it function.)
Product: mozilla.org → Infrastructure & Operations

Updated

17 days ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.