Closed Bug 1174327 Opened 9 years ago Closed 5 years ago

Add an Allow/Disallow autofill password option

Categories

(Toolkit :: Password Manager, defect, P2)

defect

Tracking

()

RESOLVED FIXED
mozilla67
Tracking Status
firefox67 --- fixed

People

(Reporter: tanvi, Assigned: prathiksha)

References

(Blocks 2 open bugs)

Details

(Keywords: feature, Whiteboard: [security:passwords])

Attachments

(2 files)

As described in bug https://bugzilla.mozilla.org/show_bug.cgi?id=1118511, autofilling passwords is a security issue.  I'm not sure we are going to come to a resolution on bug 1118511 soon, so in the meantime it would be great to give the user an option to opt-in/opt-out of autofilled passwords.  Ryan has proposed the following UX to add a checkbox for autofilling:
https://www.lucidchart.com/publicSegments/view/555b6d79-8c58-4c53-9bd9-1a560a004433/image.png

We can start with it being checked by default and then explore other default options.  (ex: Checked by default for https sites, unchecked by default for HTTP sites.  Or unchecked by default.)

Filing this bug to track the work to add the checkbox
Blocks: 1427543
Priority: -- → P2
Whiteboard: [security:passwords]
Summary: Allow/Disallow autofill check box → Add an Allow/Disallow autofill password option
Blocks: 1118511

This question this brings up to me is how we handle exceptions. As I understand it today, our one option labelled "Ask to save logins and passwords for websites" actually represents something more like "Ask to save logins and passwords AND AUTOMATICALLY FILL THEM". If we separate these into two options, would we need exceptions lists for both or only for fill?

Flags: needinfo?(MattN+bmo)

(In reply to Ryan Feeley [:rfeeley] from comment #2)

This question this brings up to me is how we handle exceptions. As I understand it today, our one option labelled "Ask to save logins and passwords for websites" actually represents something more like "Ask to save logins and passwords AND AUTOMATICALLY FILL THEM". If we separate these into two options, would we need exceptions lists for both or only for fill?

Maybe… I was thinking as a first step that this new option would be indented under the existing one so we wouldn't need that for now. If we wanted to allow controlling autofill for an individual login I think that would make sense to be shown in the login list, not in a separate exceptions dialog IMO.

I also think we need to keep exceptions for remembering since users get annoyed when they are asked to save logins that they don't want to save (e.g. ones they find more sensitive like banking ones).

Flags: needinfo?(MattN+bmo)

I now notice that a nested checkbox won't work nicely here since we have two buttons on the right side already:

[x] Ask to save logins and passwords for websites [Exceptions…  ]
                                                  [Saved Logins…]

Maybe putting the checkbox at the bottom center of the list subdialog makes more sense?

Attached image autofill-checkbox.png

This gives users distinct control over whether or not passwords are autofilled without surfacing it to highly. Makes sense?

Assignee: nobody → prathikshaprasadsuman
Status: NEW → ASSIGNED

Add an Allow/Disallow autofill password option

This should wait to land until after the soft code freeze. It ends on Monday.

Pushed by prathikshaprasadsuman@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/684dcc4149ad
Add an Allow/Disallow autofill password option. r=MattN
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
Keywords: feature
QA Whiteboard: [qa-67b-p2]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: