Toolkit:Password Manager/Password Generation

From MozillaWiki
Jump to: navigation, search
  • Preferences:
    • signon.generation.available controls whether the feature is available for users (e.g. if the about:preferences UI should show).
    • signon.generation.enabled is the user pref to enable/disable the feature from about:preferences.

Firefox 70 (Desktop only)

See Y in AC MVP (AC stands for autocomplete) column of the backlog for work targeting Firefox 70.

Generate a single password format for all websites but allow the user to reveal and edit the password. Fill generated passwords via the two new UIs:

  • autocomplete on autocomplete="new-password" fields
  • context menu on any password field (even if it's not intended for new passwords)

Only a single field is filled for this version.

Generated passwords automatically save (if there are no conflicts) and/or a dismissed doorhanger appears to allow saving whenever one is filled. Any edits to the field that was filled should get reflected in the doorhanger and/or storage.

The user can reveal, edit and cut/copy the generated password when it is focused.

Generation is disabled in private windows for this initial version.

List of popular sites using autocomplete=new-password

Other sites

Firefox 72 (Desktop only)

bug 1566536 - Allow generating passwords in private windows

Firefox 74 (Desktop only)

bug 1595915 - Context Menu: have suggest secure password option at the top of the main list

Firefox 76 (Desktop only)

Use Fathom (machine learning model) to offer password generation on sites that don't use autocomplete="new-password"

Firefox 77 (Desktop only)

  • Fills both the new password field and the confirmation field at the same time (bug 1576490)

Uplift

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


Open Bugs

Full Query
ID Summary Priority Whiteboard Status firefox76 Assigned to
1548854 Dedupe autocomplete rows offering a generated password and the auto-saved login row P2 [passwords:generation] ---
1584185 Password auto-filled with the wrong password (generated password) P2 [passwords:generation] ---
1629894 [False Negative] Password generation is not offered for new password field on sohu.com P2 [passwords:generation] affected
1629895 [false negative] Password generation is not offered for the Register password fields on DigiFinex P2 [passwords:generation] affected
1629901 [False Negative] Password generation is not offered for new password field on sogou.com P2 [passwords:generation] affected
1629903 [False Negative] Password generation is not offered for new password field on zhanqi.tv P2 [passwords:generation] affected
1629904 [False Negative] Password generation is not offered for new password field on weibo.com P2 [passwords:generation] affected
1629912 [false negative] Password generation is not offered for the Register password fields on twitter.com P2 [passwords:generation] affected
1629916 [false negative] Password generation is not offered for the Register password field on vk.com P2 [passwords:generation] affected
1629920 [False Negative] Password generation is not offered for the password field on facebook.com change form P2 [passwords:generation] affected
1631818 [False Negative] Password generation is not offered for the New password field on facebook.com recovery form P2 [passwords:generation] affected
1633837 [False Negative] Password generation is not offered for the New password field on zoom.us registration form P2 [passwords:generation] ---
1655165 Make sure all NewPasswordModel.jsm rules work fully with ShadowDOM P2 [passwords:generation] ---
1559986 Add special characters / symbols to generated passwords P3 [passwords:generation] ---
1569568 Add option to generate a new secure password from the context menu for the same principal and session P3 [passwords:generation] ---
1570215 Add more character classes to password generator P3 [passwords:generation] ---
1570319 "No username" in case of secure autosaved passwords is not intuitive enough P3 [passwords:generation] ---
1571398 Yahoo and Google generated passwords are not highlighted correctly P3 [passwords:generation] ---
1571428 Passwords generated on the LinkedIn "Change Password" form don't have the intended highlight P3 [passwords:generation] ---
1571503 Determine when the password visibility doorhanger toggle should be shown/hidden P3 [passwords:capture-UI] [passwords:generation] ---
1582489 [RTL] "Use a Securely Generated Password" (autocomplete="new password") string is not displayed according to RTL design P3 [passwords:generation] ---
1583566 Support recipes for password generation requirements P3 [passwords:generation] ---
1586306 Modal password change dialog is shown after password generation on local files P3 [passwords:generation] ---
1590411 Filling generated password (from subdomain) using a domain username will create new saved login P3 [passwords:generation] ---
1611308 Some context menu items that modify values should be disabled for disabled form controls P3 [passwords:fill-ui] [passwords:generation] ---
1623431 Don't autofill in password fields our heuristics identify as new-password fields P3 [passwords:fill-ui] [passwords:generation] wontfix
1629892 [false positive] Password generation is offered for the Login password field on bitribe.com P3 [passwords:generation] affected
1634783 Honour minlength/maxlength attributes when generating a password P3 [passwords:generation] ---
1634787 Honour the `pattern` attribute when generating a password P3 [passwords:generation] ---
1650312 User adjustable length (and adjustable range) of generated secure password P3 [passwords:generation] ---
1583541 FIll Password/Use secure password disabled in case of Master password P4 [passwords:generation] [passwords:master-password] ---

31 Total; 31 Open (100%); 0 Resolved (0%); 0 Verified (0%);


Future

There are many enhancements possible for the feature which aren't part of the "AC MVP" column. Check the other rows for more details. Some of the key ones are:

  • Use heuristics to not autofill saved logins when autocomplete="new-password" isn't used (bug 1623431)
  • Generating a password more appropriate for the site (length, character classes, etc.)
  • Requesting a new generated password if the user needs a different one (bug 1569568)
  • etc.