You are here

Password Manager Improvements in Firefox 67

There have been many improvements to the password manager in Firefox and some of them may take a while to be noticed so I thought I would highlight some of the user-facing ones in version 67:

Credit for the fixes goes to Jared Wein, Sam Foster, Prathiksha Guruprasad, and myself. The full list of password manager improvements in Firefox 67 can be found on Bugzilla and there are many more to come in Firefox 68 so stay tuned…



  1. Due to interactions with the Master Password dialog, this change doesn't apply if a Master Password is enabled

Comments

But no integration with secret service in Linux so master password needs to be reentered every time you open Firefox nor is there an API to allow external password managers

We are considering using the OS key store for storing encryption keys but I don't have any definite plans to share.

There are many 3rd-party password managers that work fine in Firefox and there is an API for those extensions to disable Firefox's built-in password manger.

So will the new password handling be compatible with Mozilla's Sync Server? I'm heavily using SS for synchronizing bookmarks, tabs and passwords too, so it would be a pity if this ability gets dropped.

Yes, nothing about login storage or sync has changed.

All of that is fine and dandy, but THE thing I would like to see is something done about sites where Firefox does not offer to save the password (on several of which Chrome DOES). The simplest solution, which i would like to see, is the ability to manually add an entry in the Password Manager.

I'm happy to share that we have made a major improvement to this area in Firefox 68 and there are more improvements to saving coming. We already have work in progress to allow you to manually add a login as well. :)

What's the correct CSS to set the autofill background color ? Many websites look terrible with yellow boxes splatted on them.

https://wiki.mozilla.org/CSS/:autofill is unhelpful as the bugs are years old.

This is the first I've heard of issues about the colour even though we've used this colour for years for address autofill in the US. Bug 740979, linked from that wiki page, is the correct bug for adding support for changing the colour. The bug age isn't that important since we haven't had any complaints yet and therefore it wasn't a priority to fix. Could you please file a bug and provide URLs and/or screenshots of where it doesn't look good?

V 67.0
How do I disable or permanently remove the yellow highlight? My page, as the commenter above wrote, looks awful. I also just do not like it or need it. I have no problem with saving login/passwords. Thank you.

At the enclosed link re Correct CSS to set - There is no solution, although my ability to read technical explanations is not great. I do understand that this is not a security issue - it's just aesthetics (!!!)

See the earlier comment where I asked for example URLs and screenshots to be filed in a bug. There isn't a way for sites to override the colours as nobody has complained in the many years we've been using this style for address autofill. Without being able to see the problem we won't be able to come up with a solution.

Prior to 67.0, when I clicked DON'T UPDATE in a login, the WOULD YOU LIKE TO UPDATE THIS LOGIN? would go away, at least for awhile. Now it pops up every time I log in. I do not want to save my logins. All this has accomplished is to force me to click and extra DON'T UPDATE every time. This is in no way an improvement - it's just wrong.

Please file a bug about this as it isn't expected: https://bugzilla.mozilla.org/enter_bug.cgi?product=Toolkit&component=Pas...

I have verified the 3 main versions of Firefox (Release v67.0, Beta v68.0b5 and Nightly v69.0a1) and all behave the same, considering the appearance of the save/update password door hanger.
These are the details:
1. The "Save password" door-hanger appears every time if the user selects "Don't save" every time.
2. If the user selects "Never save", it will not appear at all for the site in question.
3. If the user saves his credentials and then changes his password, then the "Update password" prompt will appear every time if the user selects "Don't update" every time. Furthermore, this "Update password" door-hanger does not offer the option to "Never update", which would not make much sense.
Things I consider wrong:
4. When a set of credentials is already saved for the site in question, and another set is introduced, the user has the option to save it or not save it, but he does not have the option to "Never save" (to block the door-hanger on the site in question).
5. When the user saves a credential and then manually blocks the appearance of the door-hanger by manually blocking the website in the exceptions list in Preferences (or firstly blocks the site by "Never save" option on the door-hanger and then manually introduces a credential set on in Saved Logins), then, if the user changes his password, then the door-hanger to update the password will not appear and the auto-fill will be made with the incorrect password every time (until the user manually changes the password from the Saved logins).

Matt, can you please give me a feedback? Which of the situations above are expected and which are not? I'll log anything that needs logging.

4. When a set of credentials is already saved for the site in question, and another set is introduced, the user has the option to save it or not save it, but he does not have the option to "Never save" (to block the door-hanger on the site in question).

Can you file a bug with STR on this? Does it depend on the username being empty or having the same password stored? This code is maybe related.

5. When the user saves a credential and then manually blocks the appearance of the door-hanger by manually blocking the website in the exceptions list in Preferences (or firstly blocks the site by "Never save" option on the door-hanger and then manually introduces a credential set on in Saved Logins), then, if the user changes his password, then the door-hanger to update the password will not appear and the auto-fill will be made with the incorrect password every time (until the user manually changes the password from the Saved logins).

Hmm… that case should work the same as your #3 so please file a separate bug on this.

Thank you very much!

With Firefox 67 on macos, I think there is a regression when selecting between passwords.
Before FF 67, when 2 or more passwords were stored in password manager for a website, clicking the account in the list of suggested passwords filled the fields. Furthermore you could choose another login/pw if you wanted to.
Now with FF67, you have to select the account *and* type Enter. It is very annoying and, imho, an ergonomy regression, since your hand has to leave the mouse, use the keyboard, and return to the mouse.
I didn't see that issue on bugzilla, should I create a ticket there ?

Yes please. That wasn't an intentional change and I haven't seen any other reports about that.

ok, as every new release, a new wonderful fantastic super useful feature to be disabled... How this can be reverted? If a site ask me a password, and i already saved it, then means I SIMPLY WANT FIREFOX FILL THAT PASSWORD. I don't want to chose my username under the password field to see the field filled with the password. I simply want the password at its place without extra clicks. So, please, how can this be reverted to previous behavior?

How can what be reverted? You haven't given enough information to know what change you are talking about. Did you perhaps uncheck the checkbox to disable login autofill? From the main menu go to "Logins & Passwords" and make sure the checkbox is still checked.

Thank you for the answer and sorry for my bad english, I try to better elaborate my problem:

In previous firefox versions, if i browse to a page with a login form with saved data, i can see the login and password fields already filled in (the password field with a series of dots, of course.

In firefox 67 (yes, the autofill checkbox is checked), when I browse to the same page, the login field is correctly filled, but the password field no. Under that field there is a one line dropdown with the username and a key icon. If i want to fill the password field i have to select the username.

This is clearly an usefulness extra step. Why, if my credentials are already stored i have to select that username under the password field?

Does the website maybe use `autocomplete=new-password` on the password field?

This View Saved Logins is annoying and really serves no purpose.

Can you tell me how to stop seeing it every time I go to a webpage that I have saved username/password???

The purpose it serves is to get access to your login when the website has changed the domains they use. There isn't a way to shut it off. Other browsers also have it.

Hi,

Im using firefox since the very first version. Im used to have a password exporter addon to store my passwords outside of my os as a backup in an external storage. Few versions earlier firefox just destroyed the password export addon somehow, and im stuck with the issue. I have exported my passwords in an XML file (password exporter addon), and im unable to use import/export features since Firefox 60+ versions.. I have been searching for ages online forums to find an alternative way (thanks, but no, i dont want firefox sync or cloud storage for my passwords) and i have seen there are thousands of users all over the web with the same issue. Yeah, I found very complicated technical methods for export, but for import there is nothing just the manual typing.. There was a promise about a new password manager feature for Firefox 67 (here: https://www.ghacks.net/2019/02/12/firefox-67-password-manager-improvements/) but i didnt found anything like this in the latest version. Im talking in the name of 1000s of users: Can you help us somehow to provide a simple button solution for this issue? Thanks!

Firefox can import passwords from Chrome, IE and Edge on Windows. If you can import to them first then Firefox will import the logins.

Add new comment