Password manager should support subdomains with the same password
Categories
(Toolkit :: Password Manager, defect, P2)
Tracking
()
 | Tracking | Status |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox-esr68 | --- | unaffected |
firefox67 | --- | unaffected |
firefox67.0.1 | --- | unaffected |
firefox68 | --- | unaffected |
firefox69 | --- | disabled |
People
(Reporter: mlissner+bugzilla, Assigned: sfoster)
References
(Depends on 4 open bugs, Blocks 1 open bug, Regressed 2 open bugs)
Details
(Keywords: parity-chrome, parity-safari, Whiteboard: [passwords:cross-origin] [passwords:fill-ui] )
User Story
* As a user I want to be able to easily log in to a website that changes its subdomain, e.g. secure.example.com to www.example.com, or www.example.com to example.com (or vice versa).
* As a user I don't want to have to manage and duplicate logins for each subdomain a service uses. E.g. ADP.com and sched.com use the same account on many different subdomains. When I change one I don't want to have to manually delete/update the other duplicates.

Implementation:
* A saved login for a mismatched hostname but matching eTLD+1 host will be considered a candidate login and offered in the autocomplete menu.
* Logins saved for mismatched hosts will not be autofilled without user interaction.
* Saving a login on a subdomain will still show a doorhanger if you didn't use autofill to fill it.

E.g. a username/password saved for login.example.com will not be autofilled in a login form on www.example.com, but will be offered in the autocomplete saved-logins menu when focus is placed in the username or password field.
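The matching rule in the implementation notes above, as an added example that is not Firefox's or this bug's own code: a saved login on the exact host is the only kind eligible for autofill, a login on another host with the same eTLD+1 is offered as an autocomplete candidate only, and anything else (different scheme, different registrable domain, or a host that is itself a public suffix such as co.uk) is left out. Identical username/password pairs from several subdomains collapse to one entry. The function names, the tiny PUBLIC_SUFFIXES stand-in for the Public Suffix List and the SAVED_LOGINS sample data are all assumptions constructed for this example; Gecko itself resolves eTLD+1 against the full list.

```javascript
// Added example, not Gecko code. Models the "exact host may autofill,
// same eTLD+1 may only autocomplete" rule from the user story.

// Constructed stand-in for the Public Suffix List: only the suffixes the
// sample data below needs. Gecko uses the full list (nsIEffectiveTLDService).
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk", "github.io"]);

// eTLD+1 ("registrable domain") of a host, or null when the host is itself a
// public suffix (a login must never widen to all of *.co.uk) or its suffix is
// unknown (refuse to widen rather than guess).
function registrableDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  // The longest public suffix wins, so try the longest candidate first.
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// "exact": same scheme and host. "subdomain": same scheme and eTLD+1 but a
// different host. "ignore": anything else. Scheme is compared strictly
// (assumption: http -> https upgrades are not modelled here).
function classifyLogin(login, pageOrigin) {
  const page = new URL(pageOrigin);
  const saved = new URL(login.origin);
  if (page.protocol !== saved.protocol) return "ignore";
  if (page.hostname === saved.hostname) return "exact";
  const pageDomain = registrableDomain(page.hostname);
  if (pageDomain !== null && pageDomain === registrableDomain(saved.hostname)) {
    return "subdomain";
  }
  return "ignore";
}

// Collect candidates for a page, deduplicating identical username/password
// pairs and keeping the exact-host copy when one exists. Only a single
// exact-host match may be autofilled; subdomain matches always need a click.
function searchAndDedupeLogins(logins, pageOrigin) {
  const byCredentials = new Map();
  for (const login of logins) {
    const kind = classifyLogin(login, pageOrigin);
    if (kind === "ignore") continue;
    const key = `${login.username}\0${login.password}`;
    const prev = byCredentials.get(key);
    if (!prev || (prev.kind === "subdomain" && kind === "exact")) {
      byCredentials.set(key, { ...login, kind });
    }
  }
  const autocomplete = [...byCredentials.values()];
  const exact = autocomplete.filter((l) => l.kind === "exact");
  return { autofill: exact.length === 1 ? exact[0] : null, autocomplete };
}

// Constructed sample logins (not real credentials).
const SAVED_LOGINS = [
  { origin: "https://www.example.com", username: "alice", password: "pw-1" },
  { origin: "https://login.example.com", username: "alice", password: "pw-1" }, // same pair, other host
  { origin: "https://mail.example.com", username: "bob", password: "pw-2" },
  { origin: "http://www.example.com", username: "alice", password: "pw-old" }, // http, not https
  { origin: "https://other.example.org", username: "alice", password: "pw-3" }, // other eTLD+1
  { origin: "https://a.github.io", username: "carol", password: "pw-4" }, // github.io is a public suffix
];

function demo() {
  for (const origin of ["https://shop.example.com", "https://www.example.com", "https://b.github.io"]) {
    const { autofill, autocomplete } = searchAndDedupeLogins(SAVED_LOGINS, origin);
    console.log(origin, "autofill:", autofill ? autofill.username : "none", "candidates:",
      autocomplete.map((l) => `${l.username}@${new URL(l.origin).hostname} (${l.kind})`));
  }
}
demo();
```

On shop.example.com the two alice/pw-1 entries collapse into one subdomain candidate next to bob's, and nothing is autofilled; on www.example.com the same pair is kept as the exact-host copy and is the one entry eligible for autofill; on b.github.io the carol login is not offered at all, because github.io is a public suffix and a.github.io and b.github.io are different registrable domains. The returned-null case for an unknown suffix is the conservative choice comment 11 below argues for: when the code cannot tell where the public suffix ends, it does not widen the match.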
Attachments
(2 files, 2 obsolete files)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9pre) Gecko/20100814 Ubuntu/10.04 (lucid) Firefox/3.5.2
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.9pre) Gecko/20100814 Ubuntu/10.04 (lucid) Firefox/3.5.2

I run into this problem constantly, and it's quite irritating. What happens is that I save my password for a site at www.example.com, which works well. Then, I get an email from the site that says, "Log into our site at https://login.example.com." So, I click the link, and suddenly, I lack a password for the site. Next, I wonder, did I save the password for this site properly, or not? Better check if it's in the password manager under a different domain. So, I open it up by clicking the favicon button and then the "More Information" button, and then the "View Saved Passwords" button. Happily, this box is already filled in with the domain name and subdomain, so I delete the subdomain in the filter box, and then click the "show passwords" button, confirm that I want to do so, and FINALLY, I have the password I wanted.

This can be completely avoided, if the auto-complete box for the site had a better implementation. I have a bunch of solutions for this:

1. Maybe, I should be able to save the password for all domains, such that *.example.com is in the password manager. This could be done either by default, through a button on the "Remember password" prompt, or via manual editing in the password manager window.
2. Another option could be to have the password auto-complete on subdomains other than the one that it was originally saved for. So, if I save the password at www.example.com, and then go to login.example.com, the password auto-completes, anyway. Using something to mark the box with the subdomain that was used would be even better. So, maybe the password box is filled with www-******* rather than the usual ********, or is flagged in some similar way.

I'm not alone in this problem, so I'm surprised I'm the first to file this bug. There are already two Q&As about this on Superuser.com:
http://superuser.com/questions/49543/default-username-and-password-for-example-com
http://superuser.com/questions/68053/firefox-save-username-password-for-all-sub-domains

Reproducible: Always
Comment 1•13 years ago
I would like it to support the editing of the domain used in the password store, so that you could change where the password is used, for example changing my http://username.deviantart.com/ to http://*.deviantart.com/ and have the browser recognize it no matter where I was. It is annoying on many sites of that nature in which you know you have a login for the site, but because it's so specific to a subdomain, you have to go through a couple of extra steps to get logged in, and the site doesn't return you to the page you were on, so you have to get back to the page you were on, then force a refresh so the browser gets the page logged in.
Comment 2•13 years ago
I would like to see this fixed also. A large number of blog- and gallery-type sites use the "username.sitename.com" format. Having Firefox ignore the subdomain should at least be an option.

Steps to reproduce:
1. Erase all passwords saved for *.deviantart.com.
2. Go to www.deviantart.com and log in. Save the password when prompted.
3. Log out.
4. Return to the Deviantart homepage.
5. Click Log On. The saved password does auto-populate. (Do not complete login.)
6. Go to any artist's subdomain site (artistname.deviantart.com).
7. Click Log On. The saved password does not auto-populate.
Comment 3
Another example of this is slashdot.org, news.slashdot.org, science.slashdot.org, entertainment.slashdot.org, etc. Quite annoying.
Comment 4
This is the opposite of Bug 613166. Also, subdomains of a higher level domain should use the password for that higher level. For example, I can log in to bugzilla.mozilla.org with a saved password, but not www.bugzilla.mozilla.org (and I do find it a bit odd that the Bugzilla cookie recognizing my login is not recognized if I'm using the www. subdomain).
Comment 5
Assuming different subdomains all use the same username/password combo is a bad idea. This might be true for a lot of outwardly facing commercial sites like ebay or Slashdot that only have one login. The problems are going to start for any internal sites with multiple different subdomains and different passwords for each. Large organizations commonly have internal systems with differing logins for different systems, many of which are differentiated by subdomain. You're going to create a much larger problem if you just start assuming that these subdomains all share common usernames and passwords. IMO it's far better to be cautious about assuming the same username/password and limit it to at most a single FQDN. If a user loads a site with the username/password filled out incorrectly they're much more likely to be confused and frustrated when they get bad login errors than they would be if the fields are simply blank.
Comment 6•12 years ago
(In reply to Vellmont from comment #5) You make a valid point, but perhaps the problem could be better solved with a hierarchical structure. For instance, the password saved for www.wikia.com would apply across all *.wikia.com addresses unless there is a "better match" saved for a specific subsite, like starwars.wikia.com.
Comment 7
I think that'd only slightly mitigate the problem, as it assumes you've logged into each subdomain correctly before. When you log in to a new subdomain, you'll still get the potentially misleading username/password filled in. One idea would be to add a feature where applying the remembered authentication data to an entire domain would be user-selectable after login, defaulting to not, i.e. "Remember password for all of example.com". (It's really hard to know if the average user really would understand what this means though.)
Comment 8•12 years ago
This would be something more along the lines of an advanced user option, and A) something that should only be done in the password manager itself, and only if it finds multiple *.example.com entries with the same username and password stored in them. B) would also be done in the password manager itself, offering the option to modify "use this login information across this whole domain". Then the following needs to be handled as well: when the user has several different usernames and passwords, but used across the whole *.example.com structure.
Comment 9
(In reply to Vellmont from comment #5) I agree that it should not save all *.example.com as default, but perhaps, as colin suggests, it could be intelligent about this if multiple matches are found. Even better would be to automate this on-the-fly. When the user saves the same username/password for another *.example.com url, perhaps a dialogue box could pop up, asking if the details should be extended to all of that second-level domain. At the very least, it should be possible to manually change the entry in the password manager from www.example.com to *.example.com.
Comment 10•12 years ago
Extra dialogue boxes should be avoided where possible, and it's possible here. Example: User enters information into sub1.maindom.com for the first time. Firefox asks (paraphrased here) "Do you want to save the password for this site?" with options "yes," "not now," and "never for this site." We could replace the original "yes" with options "yes, for all of sub1.maindom.com", "yes, for the sub1.maindom.com level only", "yes, for all of maindom.com." [or use "*." instead of "all of "] and put the option that the current "yes" corresponds to in bold. Any solution here needs to account for the fact that subdomains can be nested quite deep; e. g. see my Comment 4 about logins at www.bugzilla.mozilla.org being different than bugzilla.mozilla.org.
Comment 11•12 years ago
...and I would add options for each of the domain levels from one-below current to a TLD or maybe even one less than that (e. g. it doesn't make sense to have a login saved for all *.co.uk sites). I also echo Sparhawk's idea in Comment 9:
> At the very least, it should be possible to manually change the entry in the password manager from www.example.com to *.example.com.
Comment 12•12 years ago
...and that the manual changing of the entry is something that cannot be done by a web page, maybe not even add-ons (at least add-ons should not be able to change the base domain). That's for security, so a hacker can't change your banking/Paypal password to apply to his domain and get your information without your knowledge. Also, there are third-party password managers available for any super-frustrated people reading this bug who want a fix ASAP.
Comment 13•12 years ago
(In reply to WBT from comment #12)
> Also, there are third-party password managers available for any super-frustrated people reading this bug who want a fix ASAP.

Do you mind posting some of these links?
Comment 14•12 years ago
Well, the two that come to mind most readily are Abine (http://abine.com/ - which has a nice bundle of features) and LastPass (https://lastpass.com/). You can search add-ons for "password manager" or similar terms to find additional choices. Other people may reply to this comment and add other tools. I can't vouch for any of these in terms of functionality, security, etc - I use FF's password manager and even disabled the one in Abine. You should check the details, security, policies, etc. of any password management system before using it, knowing who has access to all your passwords as well as where and how they're stored.
Comment 15•12 years ago
(In reply to WBT from comment #14) Thanks for that. I actually do use Abine already, but apparently the password management part is "Coming Soon". I've heard of LastPass too, which seems like a decent service, but not for me, as I don't like the idea of all my passwords being kept on a third-party server. I guess the FF bug is not such a massive deal that I'm willing to totally switch, unless there is an add-on that modifies the operation of the FF keyring/keychain. Thank you for the suggestions anyway.
Comment 16•9 years ago
Recipes could help with this.
Comment 17•9 years ago
Just adding to this feature request, I'd similarly like the ability to ignore password manager for an entire domain. Even if it was just by allowing the user to manually edit the list of ignored sites in a similar manner as that which is described in comment 1.
Comment 18•8 years ago
Adding on... I'd especially like to be able to update already-saved passwords for all subdomains of a particular domain. We have single-sign-on at work, and every 90 days when I'm forced to change the password, I have Firefox update popups for a week. thanks Jonathan
Comment 19•8 years ago
(In reply to Jonathan Nicol from comment #18)
> Adding on... I'd especially like to be able to update already-saved passwords for all subdomains of a particular domain. We have single-sign-on at work, and every 90 days when I'm forced to change the password, I have Firefox update popups for a week.

See https://addons.mozilla.org/en-US/firefox/addon/mass-password-reset/
Comment 20•8 years ago
We'll likely do this with user interaction via autocomplete and the context menu without built-in realms.
Comment 22•8 years ago
Review commit: https://reviewboard.mozilla.org/r/73638/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/73638/
Comment 23•8 years ago
Comment on attachment 8784063 [details]
Bug 589628 - Broaden search criteria to include subdomains in context menu.

Whoops, moving this patch to 1200472.
Comment 26•5 years ago
Thanks :MattN for linking bugs. As this is not a perfect duplicate of bug 1521381: not all shared logins are across similarly named URLs, e.g. *.StackExchange.com and AskUbuntu.com. The suggested solution is to link and unlink logins, as one does with contacts on Android phones. Similarities might be suggested, but dissimilar ones can be searched for and linked. Confirmation or a warning when changing multiple passwords may be prudent.
Comment 27•5 years ago
Yeah, I understand. Dealing with subdomains is the first step. Sharing across other top-level domains is bug 1120684.
Comment 32•5 years ago
Comment on attachment 9058628 [details]
Bug 589628 - Add a second row to autocomplete items for logins that shows origins. r?MattN
Revision D27719 was moved to bug 1550669. Setting attachment 9058628 [details] to obsolete.
Comment 34•5 years ago
Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/12727cfe2472
Password manager should support subdomains with the same password. r=MattN
https://hg.mozilla.org/integration/autoland/rev/5150c8c0a8b7
Tests for LoginManagerParent._searchAndDedupeLogins.
Comment 35•5 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/12727cfe2472
https://hg.mozilla.org/mozilla-central/rev/5150c8c0a8b7
Comment 36•5 years ago
Please let me DISABLE this!
I am using multiple services under the same top-level domains and have different usernames and passwords for each service, so it is annoying to browse through multiple irrelevant choices (just to accidentally click the wrong one).
Everything was going fine the right way until FF68 nightly, like the password manager directly accessible from the menu, but I just hate this change in 69 nightly with many usernames and passwords that I don't need and having to search for the right one each time.
I am not asking to revert this, probably some people like this, but only a way to disable it for me...
Thank you and keep up the good work
Sinisa
Comment 37•5 years ago
(In reply to Sinisa Bandin from comment #36)
> Please let me DISABLE this!
> I am using multiple services under same top level domains and have different usernames and passwords for each service, so it is annoying to browse through multiple irrelevant choices (just to accidentally click the wrong one).

Bug 1555210 should address this by making the relevant options at the top so you don't have to browse through others.

> I am not asking to revert this, probably some people like this, but only a way to disable it for me...

Chrome and Safari don't have a supported way to disable this so I would rather make this work better for you instead of having you run in an unsupported configuration with it disabled. Can you file bugs for ways to make it better (if bug 1555210 isn't sufficient)? Are you using unique passwords for each subdomain? We should be deduping so you only see unique un+pw combinations but maybe that isn't working?
Comment 38•5 years ago
I would be OK with the Bug 1555210 solution, but it has to consider the whole path, because sometimes I have different logins for different paths on the same address (example: https://my.server.dom/mrtg uses one user-pass combination, and https://my.server.dom/icinga uses something different)
But then again, it was working just fine before 69-nightly, offering just the right user-pass combo, and I would really prefer to be able to hide/not show all irrelevant logins. On those rare occasions when I really needed the same login for a different sub-domain it was easy to find it in the password manager, especially since maybe FF67 or FF68, when it appeared in the first level of the "three strips" menu.
Maybe make this optional? One checkbox in "Options" or even in "Logins&Passwords", near the "Autofill logins and passwords" box?
Comment 39•5 years ago
(In reply to Sinisa Bandin from comment #38)
> I would be OK with Bug 1555210 solution, but it has to consider whole path, because sometimes I have different logins for different paths on same address (example: https://my.server.dom/mrtg uses one user-pass combination, and https://my.server.dom/icinga uses something different)

That is bug 263387 and a separate issue. Note that multiple applications on one domain is not good for security.

> But then again, it was working just fine before 69-nightly, offering just the right user-pass combo, and I would really prefer to be able to hide/not show all irrelevant logins.

If there is only one exact match login you won't see the popup at all as it would get autofilled so this isn't a common problem btw.

> On those rare occasions when I really needed same login for different sub-domain it was easy to find it in password manager, especially since maybe FF67 or FF68, when it appeared in first level of "three strips" menu.

For the average user, it isn't uncommon for a site to change subdomains and then many users wouldn't be able to log in so this is helping them a lot.

> Maybe make this optional? One checkbox in "Options" or even in "Logins&Passwords", near the "Autofill logins and passwords" box?

We could but Chrome and Safari don't have an option and that complicates testing… I'd rather give it more time for people to adjust and see if other improvements can be made instead. Those improvements would happen in separate bugs.
Comment 40•5 years ago
(In reply to Matthew N. [:MattN] (PM me if requests are blocking you) from comment #39)
> (In reply to Sinisa Bandin from comment #38)
> > I would be OK with Bug 1555210 solution, but it has to consider whole path, because sometimes I have different logins for different paths on same address (example: https://my.server.dom/mrtg uses one user-pass combination, and https://my.server.dom/icinga uses something different)
> That is bug 263387 and a separate issue. Note that multiple applications on one domain is not good for security.

You are 101% right, didn't think about that

> > But then again, it was working just fine before 69-nightly, offering just the right user-pass combo, and I would really prefer to be able to hide/not show all irrelevant logins.
> If there is only one exact match login you won't see the popup at all as it would get autofilled so this isn't a common problem btw.

Not actually, I am offered a choice of one (!) login on sites where I have only one account, and even that only when I click inside the "username" box.
But even that is not universal, on another machine (with the same Linux OS, same FF nightly) username and pass are autofilled if there is only one possibility. (It could be because of some changes in about:config that I have done a long time ago and forgot what I did, it doesn't bother me at all)

> > On those rare occasions when I really needed same login for different sub-domain it was easy to find it in password manager, especially since maybe FF67 or FF68, when it appeared in first level of "three strips" menu.
> For the average user, it isn't uncommon for a site to change subdomains and then many users wouldn't be able to log in so this is helping them a lot.
> > Maybe make this optional? One checkbox in "Options" or even in "Logins&Passwords", near the "Autofill logins and passwords" box?
> We could but Chrome and Safari don't have an option and that complicates testing… I'd rather give it more time for people to adjust and see if other improvements can be made instead. Those improvements would happen in separate bugs.

Well, I don't really care for either, not using them...
I think "my" browser should be more advanced than "theirs" :)
Thanks anyway, and best regards,
Sinisa
Comment 41•5 years ago
This is a wrong/wicked feature :( Potential login data leak....
Comment 42•5 years ago
(In reply to Sinisa Bandin from comment #38)
> Maybe make this optional? One checkbox in "Options" or even in "Logins&Passwords", near the "Autofill logins and passwords" box?

This is the way to go.
A checkbox for each entry with off as default. The user has to be explicit here with a fine grained control.

(In reply to Alice0775 White from comment #41)
> This is wrong/wicked feature :( Potentially login data leak....

Well, I'd like to argue. If we have a whitelist-like control this should be no problem.
Comment 43•5 years ago
Should this go into the final product (as opposed to staying only in Nightly), Firefox should somehow count the number of times a username/password combination was used for each URL (together with path!) and put the most frequently used at the top.
As it is now, I constantly have to scroll down to find the right combination, although I always use the same for the same path...
Comment 44•5 years ago
Disabled for non-Nightly in bug 1563325.
Comment 45•5 years ago
Should not this fix also be pushed in beta/nightly?
Comment 46•5 years ago
(In reply to Bodea Daniel [:danibodea] from comment #45)
> Should not this fix also be pushed in beta/nightly?
We're holding this in nightly for now. This feature is tentatively scheduled for 71.
Comment 47•4 years ago
I discovered this bug by way of bug #1592022, which reported that this behavior became default in version 71. I had been noticing an annoying behavior of Firefox suggesting saved logins I had from many sites on the same domain when I visited any app's login page within that domain.
I ultimately was able to disable the feature by setting signon.includeOtherSubdomainsInLookup to false, but I would recommend elevating this setting to a visible option in the preferences user interface. I had to do some searching to find the right terminology to find the path to this bug. I was using phrases and words like "login autocomplete dialog proposal menu includes unrelated suggestions from same domain" and kept permuting the phrase with synonyms for a while to find this.
When I have a unique login per webapp within a domain, it's jarring/alarming to be presented with a bunch of other logins for unrelated webapps. This is especially worrisome in the context of web developers who may manage multiple instances of the same app in a single domain, each with different credentials. The opportunity for unintended credential cross-talk is very high in that scenario.
I can appreciate the desire for this feature, especially for some use-cases in domains with SSO, or people who are not using an external password manager, or for people who do not use a unique password on every site.
But I really would like to see this elevated to a visible setting. Maybe even a setting on the passwords or domains themselves (e.g., "This credential pair is applicable to multiple hosts in this domain.")
Comment 48•4 years ago
I don't believe Safari or Chrome have a user-visible option for this but have it enabled. How do they address this issue?
Comment 49•4 years ago
(In reply to Brian Hauer from comment #47)
> But I really would like to see this elevated to a visible setting. Maybe even a setting on the passwords or domains themselves (e.g., "This credential pair is applicable to multiple hosts in this domain.")

I agree, when using Firefox in an enterprise environment, this feature is awful.
We have a dozen web apps that are subdomains of our internal domain (but they don't always use the same logins).
Lockwise displays logins for all web apps, the list is too long and the users are confused.
Vellmont warned about enterprise environments 5 years ago:

(In reply to Vellmont from comment #5)
> Assuming different subdomains all use the same username/password combo is a bad idea. This might be true for a lot of outwardly facing commercial sites like ebay or Slashdot that only has one login. The problems are going to start for any internal sites with multiple different subdomains and different passwords for each. Large organizations commonly have internal systems with differing logins for different systems, many of which are differentiated by subdomain. You're going to create a much larger problem if you just start assuming that these subdomains all share a common usernames and passwords.

His comment was ignored and 5 years later, this feature is unusable in organizations that have internal websites.
Please, look at the Microsoft Office story: Microsoft spread it so well in enterprise environments that it's now hard to convince people to install LibreOffice (or similar) instead of Microsoft Office at home.
We are your ambassadors, don't ignore us. :)
Fortunately, Brian Hauer found the setting signon.includeOtherSubdomainsInLookup that disables this feature. It could just have been mentioned in the changelog in the first place.
Comment 50•4 years ago
+1 for revising this, it is really annoying. I use subdomains for several unrelated services on my personal domain (e.g. wiki.domain.com, nextcloud.domain.com, ...) and am presented with a large list of unsuitable options.
Since some applications require the use of an email address and some don't allow '@' in usernames, I cannot use the same user/password for all services; also that would go against security best practice (e.g. use a distinct password for each service, which is why I use a password manager in the first place).
At least Firefox should definitely not present "alternative" logins if there are already stored credentials for a given FQDN. And even if there aren't, the list should not be that large. At most two or three proposals from other subdomains should be shown, plus possibly a link to the password manager if there are more.
Comment 51•4 years ago
For me in enterprise environment this feature is great positive change.
We use a lot of services on xxx.example.com, but never on example.com
They all use one AD password.
Comment 52•4 years ago
For users who find the subdomain login suggestions overwhelming in some cases, please follow bug 1601558.
Comment 53•4 years ago
Bugbug thinks this bug is a regression, but please revert this change in case of error.
Comment 54•3 years ago
The default behavior is acceptable for most people. But for corporate sites, it just doesn't work for those users. It needs to be a site by site setting.
There should be another option/toggle in the "Page Actions" dropdown in the URL bar, that says something like "Exclude other subdomains in lookups". Clicking that would ignore other subdomains for that root domain name.