Add an Allow/Disallow autofill password option
Categories
(Toolkit :: Password Manager, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox67 | --- | fixed |
People
(Reporter: tanvi, Assigned: prathiksha)
References
(Blocks 2 open bugs)
Details
(Keywords: feature, Whiteboard: [security:passwords])
Attachments
(2 files)
As described in bug https://bugzilla.mozilla.org/show_bug.cgi?id=1118511, autofilling passwords is a security issue. I'm not sure we are going to come to a resolution on bug 1118511 soon, so in the meantime it would be great to give the user an option to opt-in/opt-out of autofilled passwords. Ryan has proposed the following UX to add a checkbox for autofilling: https://www.lucidchart.com/publicSegments/view/555b6d79-8c58-4c53-9bd9-1a560a004433/image.png We can start with it being checked by default and then explore other default options. (ex: Checked by default for https sites, unchecked by default for HTTP sites. Or unchecked by default.) Filing this bug to track the work to add the checkbox
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Comment 2•5 years ago
|
||
This question this brings up to me is how we handle exceptions. As I understand it today, our one option labelled "Ask to save logins and passwords for websites" actually represents something more like "Ask to save logins and passwords AND AUTOMATICALLY FILL THEM". If we separate these into two options, would we need exceptions lists for both or only for fill?
Comment 3•5 years ago
|
||
(In reply to Ryan Feeley [:rfeeley] from comment #2)
This question this brings up to me is how we handle exceptions. As I understand it today, our one option labelled "Ask to save logins and passwords for websites" actually represents something more like "Ask to save logins and passwords AND AUTOMATICALLY FILL THEM". If we separate these into two options, would we need exceptions lists for both or only for fill?
Maybe… I was thinking as a first step that this new option would be indented under the existing one so we wouldn't need that for now. If we wanted to allow controlling autofill for an individual login I think that would make sense to be shown in the login list, not in a separate exceptions dialog IMO.
I also think we need to keep exceptions for remembering since users get annoyed when they are asked to save logins that they don't want to save (e.g. ones they find more sensitive like banking ones).
Comment 4•5 years ago
|
||
I now notice that a nested checkbox won't work nicely here since we have two buttons on the right side already:
[x] Ask to save logins and passwords for websites [Exceptions… ]
[Saved Logins…]
Maybe putting the checkbox at the bottom center of the list subdialog makes more sense?
Comment 5•5 years ago
|
||
This gives users distinct control over whether or not passwords are autofilled without surfacing it to highly. Makes sense?
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 6•5 years ago
|
||
Add an Allow/Disallow autofill password option
Comment 7•5 years ago
|
||
This should wait to land until after the soft code freeze. It ends on Monday.
Pushed by prathikshaprasadsuman@gmail.com: https://hg.mozilla.org/integration/autoland/rev/684dcc4149ad Add an Allow/Disallow autofill password option. r=MattN
Comment 9•5 years ago
|
||
bugherder |
Updated•5 years ago
|
Description
•