You are here

Firefox Password Manager Update: 2015-Q2

Continuing from the Q1 update, here's a summary of the password manager progress made in the second quarter of 2015 (in no particular order):

  • <form>-less login – Unfortunately some sites don't use a <form> submission for login and/or registration despite the many downsides involving accessibility, HTML5 validation, inconsistent UX, lack of form/password manager support, etc. If you're building something which looks like a form (likely using <input>) then you should almost always use a <form>, even if it's a client-side form which isn't doing a GET/POST submission itself as you can simply use event.preventDefault(); for the submit event.
    Since evangelizing best practices isn't going to get sites to change in the short term and we want users to be able to rely on the password manager, we're implementing support for capturing and filling passwords on pages not using forms. Most code has been changed to pass around a FormLike abstraction instead of <form> references so we don't need to implement special logic throughout the code. Autofill is implemented while autocomplete and capture are in progress.
  • Edit logins at capture time (desktop and android) – If the wrong fields are detected for a username and/or the password or a site modifies the values after you type in them (e.g. to implement a custom masking with asterisks: user****), the user can edit both the username and password so the correct values are filled upon the next visit to the site.

    Source: @ryanfeeley on Twitter
  • Copy passwords from the Android Site Identity doorhanger – If for whatever reason a login can't be autofilled, you can now copy the password to the clipboard from the Site Identity panel on Android.
  • Experimental Fill UI – Similar to the above on Android, there's experimental UI to be able to fill and manage logins from the key icon in the identity block (eventually probably integrated into the Site Identity panel). You can enable the basic experimental UI with the preference signon.ui.experimental in about:config.
  • View your password in the manager on Android – Sometimes you just need to see what your saved password is e.g. to type it on another device without Firefox Sync so the ability to view passwords was added in the Firefox password manager on Android.
  • Making HTTPS upgrades smoother – When deciding whether to autofill a form, we will now also consider logins saved for the HTTP version of the saved form action while on HTTPS in order to make sites upgrades to HTTP easier. Note that handling upgrades for the form's own origin is still in progress.
  • Other bug fixes:
    • Bug 1152422 – Ask to save the new password in a change form with no username even if we have no saved logins for the site
    • Bug 1155390 – Don't prompt to update a password when there is no username field and the password is identical
    • Bug 998893 – Login/password not autocompleted due to custom placeholder implementation swapping @value
    • Bug 1170772 – Get password manager xpcshell tests running on Android
    • Bug 1173688 – Password manager sync promo appears when signing in/up for Sync from an iframe

    Expect to see many more improvements in upcoming months as we continue to make major improvements to the password manager. If you'd like to contribute to this project, check out the password manager wiki page for mailing list, IRC, bug list and other information.


Loving to see this progress! Especially the ability to copy passwords, plus the https thing.

Add new comment