Toolkit:Password Manager/Password Generation

From MozillaWiki
Jump to: navigation, search
  • Preferences:
    • signon.generation.available controls whether the feature is available for users (e.g. if the about:preferences UI should show).
    • signon.generation.enabled is the user pref to enable/disable the feature from about:preferences.

Firefox 70 (Desktop only)

See Y in AC MVP (AC stands for autocomplete) column of the backlog for work targeting Firefox 70.

Generate a single password format for all websites but allow the user to reveal and edit the password. Fill generated passwords via the two new UIs:

  • autocomplete on autocomplete="new-password" fields
  • context menu on any password field (even if it's not intended for new passwords)

Only a single field is filled for this version.

Generated passwords automatically save (if there are no conflicts) and/or a dismissed doorhanger appears to allow saving whenever one is filled. Any edits to the field that was filled should get reflected in the doorhanger and/or storage.

The user can reveal, edit and cut/copy the generated password when it is focused.

Generation is disabled in private windows for this initial version.

Open Bugs

Full Query
ID Summary Priority Whiteboard Status firefox70 Assigned to
1560032 Support cutting and copying from unmasked password fields P1 [passwords:generation] [skyline] affected Masayuki Nakano [:masayuki] (he/him)(JST, +0900)(Still struggling with the pain, but becoming better)
1548861 Update cache and storage with edits to password fields after generation P1 [passwords:generation] [skyline] affected Matthew N. [:MattN] (PM me if requests are blocking you)
376674 [meta] Improve password security by generating and managing strong passwords P2 [security:passwords], feature, [skyline] [passwords:generation] affected
1560029 Make password field values visible when focused after a generated password is filled P1 [passwords:generation] [skyline] affected
1548880 Add telemetry for when a field with a generated password is edited by the user P2 [passwords:generation] [skyline] affected Tim Nguyen :ntim
1560042 Merge logins if a user adds an existing username to a generated password in the doorhanger P1 [passwords:generation] [skyline] affected Sam Foster [:sfoster] (he/him)
1565409 Auto-save used generated passwords as long as there isn't already a login with an empty username for the site. P1 [passwords:generation] [skyline] affected Sam Foster [:sfoster] (he/him)

7 Total; 7 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Future

There are many enhancements possible for the feature which aren't part of the "AC MVP" column. Check the other rows for more details. Some of the key ones are:

  • Heuristics to suggest generated passwords in autocomplete when autocomplete="new-password" isn't used
  • Generating a password more appropriate for the site (length, character classes, etc.)
  • Requesting a new generated password if the user needs a different one
  • Filling both the new password field and the confirmation field at the same time
  • Generating passwords in private windows
  • etc.