2006-02-13

improving Firefox password saving

Using Firefox's password saving functionality is a frustrating experience for me, and I suspect it's frustrating for other users too. It has several problems:

Problem #1: when Firefox remembers more than one password (or, more accurately, both a password and a username) for a given site, it doesn't autofill the login form or give me any clue what the usernames/passwords are until I correctly guess the first letter of one of the usernames.

Although I only have multiple accounts at a couple sites (principally those of two utility companies which made me create new accounts when I moved), I regularly enter my login info incorrectly and then mistakenly tell Firefox to remember it, so I now have invalid remembered passwords at a number of sites, and Firefox no longer autofills their login forms.

Problem #2: Firefox asks me whether it should remember usernames/passwords the moment I submit a login form, and it does so via a modal dialog, so I can't wait to see if my login attempt succeeded before deciding to save the info.

Problem #3: Deleting passwords is hard. It's only possible via the password manager, and every time I open the manager I have to rediscover how its list is sorted. Unfortunately the list turns out to be sorted by raw URL, so http://example.com/, http://www.example.com/, and https://www.example.com/ are all in different places on the list, and I have to hunt them all down to find the one(s) I'm looking for.

Fortunately, fixing these problems seems relatively straightforward.

First, when a user loads a login page for which Firefox remembers multiple username/password combos, the browser should display a non-modal status bar (similar to the popup blocker status bar) which lists the usernames and prompts the user to select one. When the user does so, Firefox should fill in the form and perhaps also automatically submit it. Here's a mockup of how it might look:



Second, when a user submits a login form with an unfamiliar username, Firefox should ask if the user wants to remember the info via another non-modal status bar, something like this:



Third, the password manager should support filtering, just as the cookie manager does, via a "Search" field that restricts the list to matching entries.
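
A sketch of that filter, added here as an illustration (it is not Firefox's password manager code; the record fields `origin` and `username`, the function names, and the sample data are assumptions made for this example). It groups the scheme and "www" variants of a site for display and, going slightly beyond the text, keeps form-fill matching on the exact origin so that grouping for display never causes an https login to be offered on an http page:

```javascript
// Constructed sample records, not real data.
const savedLogins = [
  { origin: "http://example.com/", username: "myk" },
  { origin: "https://www.example.com/", username: "myk" },
  { origin: "http://landfill.bugzilla.org/", username: "tester" },
  { origin: "http://www.example.com/", username: "myk-old" },
  { origin: "https://bank.example.net/", username: "myk" },
];

// Plain code-unit comparison, so the order does not depend on the locale.
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Display key: lower-cased host with a leading "www." removed, so that
// http://example.com/, http://www.example.com/ and https://www.example.com/
// end up next to each other in the list. Used for sorting only.
function siteKey(origin) {
  const host = new URL(origin).hostname.toLowerCase();
  return host.startsWith("www.") ? host.slice(4) : host;
}

// "Search" field behaviour: keep entries whose origin or username contains
// the query (case-insensitive); an empty query keeps everything. The result
// is sorted by site key, then raw origin, then username.
function filterLogins(logins, query) {
  const q = query.trim().toLowerCase();
  return logins
    .filter(
      (l) =>
        q === "" ||
        l.origin.toLowerCase().includes(q) ||
        l.username.toLowerCase().includes(q)
    )
    .sort(
      (a, b) =>
        cmp(siteKey(a.origin), siteKey(b.origin)) ||
        cmp(a.origin, b.origin) ||
        cmp(a.username, b.username)
    );
}

// Candidates for filling a login form: exact scheme + host + port match only.
// The relaxed site key above is deliberately not used here.
function loginsForPage(logins, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  return logins.filter((l) => new URL(l.origin).origin === pageOrigin);
}
```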

With these changes:

  • users will be able to see and pick between multiple remembered username/password combos for a given site;
  • users won't have to decide in advance whether to save that info; they'll be able to do so after seeing if their login attempts have succeeded;
  • users deleting passwords using the password manager will be able to filter the list to find just the passwords they want to delete.

As a beneficial side-effect, users will be able to ignore the "save this password?" question instead of being forced to answer it every time. And to make deleting passwords even easier, we might include UI for doing so right from the "pick an account" bar (e.g. a context menu item).

Thoughts?

66 comments:

rjm said...

yes, yes, yes. i share the same sentiments. your solution would be exactly what i would like to see. the #&$*$^* popup window is useless if you entered the wrong login. please try to get this changed. thanks.

Cameron said...

My comments? DO EET!

Anonymous said...

brilliant!

Erik said...

You can delete saved usernames/passwords in the drop down list in a form by pressing shift-DEL. Not very obvious, but easier than hunting down the url in the password manager.

Anonymous said...

Good solution. But yellow bar should flash 2 seconds or something. People actually don't see it. Like if the popup is opened.

Villa said...

I don't know if the multiple password solution is worth it. In reality it's very few people who have multiple passwords on any site, and adding the popup may be confusing, as it is very inconsistent with what happens when you have only one password.
A more subtle alternative would be to pick one of the user/password combos, autofill the fields, and if the user hovers over any of the textboxes, some tooltip could appear allowing the user to change the selection. Again, it doesn't seem so necessary as very few users would need it.

radiok said...

Excellent solutions, I've been having all the same problems forever! I'd like to add something useful but I think your plans are perfect for now. I'm sure I'll find some flaw in practice down the road, but for now it's an amazing improvement.

Gopalarathnam Venkatesan said...

Awesome!
Would this be part of Firefox 2.0?

尼古拉 said...

Yes! Please make this happen in Firefox 2.0! Please!

David Naylor said...

Some of the comments above have claimed that not many people have multiple accounts for one website. That may be true, but don't forget...

Family computers are used by several people who may have one account each, so don't ignore the multiple account situation.

Anonymous said...

What would be fine too is that the password manager can distinguish between http://landfill.bugzilla.org/bugzilla-tip/ and http://landfill.bugzilla.org/qa220/ which are two different installations with different logins and passwords, despite being on the same site.

One of the reasons Fx doesn't autocomplete the login form is because it sees several logins available, despite there being only one for a given installation.

Percy Cabello said...

Those would be nice improvements indeed. When you say "unfamiliar" passwords, you mean, new ones, right?

I would also add to this set of improvements:
- it's not always evident why Firefox is requiring me to enter the Master Password. For example when using the Foxmarks extension. When Firefox starts up it will almost immediately ask for the master password (for sync purposes). It would be good to have some clue of what resource authentication needs to take place. Something like:
"Please enter the Master Password. [Extension] requires to authenticate."

- From my experience not many users understand the whole Master Password stuff. I believe a metaphor would serve better the use of this feature. Like calling key a username/password pair, then the password manager becomes the keyring or key manager and the master password the key manager password or keyring password.

- I don't remember right now if the first time a user accepts to store a password he is offered to set a Master Password.

- The prompt for the master password of the Software Security Device is confusing and it could also explain a little better what Firefox needs it for.

Dao said...

In fact, nearly all prompts are annoying because they disable the entire window. This should be fixed generally.

Chris Dolan said...

> Villa said...
>
> I don't know if the multiple password solution is worth it. In reality it's very few people who have multiple passwords on any site, and adding the popup may be confusing, as it is very inconsistent with what happens when you have only one password.

I disagree. My wife and I share the home computer, each with our own logins for Yahoo, the public library, etc. We don't bother with separate Firefox profiles because of the overhead of switching. Myk's proposed solution would benefit me greatly.

ten_on said...

Just copy Opera's Wand and it'll be fine.

Grauw said...

With regard to problem 1, if you focus the username field, then click inside it again, a list of available choices pops up. Also, if you press Shift+Del when an item is focused, you can remove it from the list.

With regard to the first part of your solution, automatically filling in when pressing a button is 1 step more than I currently have for most sites. I really don’t have trouble with the current solution, although its discoverability isn’t very good, and the saved password manager could be better (and offer me to manually input entries when Firefox doesn’t detect it by itself).

Automatically submitting doesn’t seem like a good idea, as often there is additional information needed before submitting successfully, e.g. Blogger’s ‘Word Verification’, or even a simple ‘remember me’ checkbox. Also, it doesn’t ‘feel’ right to log in or submit a post by clicking on a bar on the top of the screen instead of the submit button that is offered, I don’t trust it. Things like keyboard accessibility and tabbing order will also be sub-optimal.


~Grauw

malte said...

The bar with all the accounts may be too short when the browser window is too small or when there are too many passwords to be shown.
So I'd prefer a non-modal, always-on-top-of-this-browser-window/tab popup that does not appear on the status bar.

Another issue of the current behavior is that password and username are not filled in until the page has finished loading. This is very annoying on slow or very long pages.

Anonymous said...

I don't dig those bars that shift the content area around.

I think it would be better to somehow float the choose-user thingie over the user input field.

As per modal dialog for remembering, fx doesn't remember the password on a failed log-in, AFAICT. Maybe we just need to improve the wording in that dialog. Making firefox remember the login after the login would require that it remembers the login. With my german-over-privacy-hat on, that sounds odd.

Axel

Anonymous said...

I think all of these sound like fine ideas. Issues 1 and 2 plague me particularly, but then I don't have so many accounts with so many sites.

Having these things non-modal is a really good idea. This sort of helpful user-interface work (e.g. the find bar) is one of the things that makes Firefox stand out, and one of those things that you tend to not be able to go back to once you've tried it :)

What are the chances of this making Firefox 2.0? Or will it likely be 3.0?

Anonymous said...

Regarding Firefox currently not remembering the password if the login fails, I assume this only works if you get the correct status code from the server that indicates this.

I didn't know that - yes that dialog text needs to be made clearer if these changes don't make it.

Vi said...

Regarding it's very few people who have multiple passwords - In my guesstimate about 50% of Internet users have multiple passwords. Somebody who doesn't have them is much less than an average Internet user and therefore their opinions should be regarded as not credible. By the way, the proposed solution makes life easier regardless of how many passwords one has.


Regarding auto-submission - it should be optional, for sure. One solution would be right-click the password on the proposed bar and check Autosubmit option. And of course there should be an Autosubmit column in Password Manager.

Asrail said...

Seamonkey has modal (ugh, modal!) dialogs for choosing the account when it loads a website with more than one password stored.

It could be a non modal dialog, instead of that bar (it looks ugly).

Also the first bar should have "OK" and "Cancel" buttons.

Seamonkey doesn't remember the rejected passwords for me.
Some sites accept them and load a page telling it was wrong, so it's a problem.
But as most sites are OK, I don't have troubles remembering them.

Dao said...

Autosubmitting would certainly fail on some sites, but the reasons may not always be obvious to the user. So it should be left out.

Mike said...

Myk, I've been meaning to file bugs on these things forever. Please do so and CC myself and mconnor.

Would this require extending the browsermessage element to be non-modal? I'm pretty sure that it's tied to the page right now, isn't it? Even if it is, I suppose we could show it after the user has submitted the password and the resulting page (which will indicate success or failure) has loaded.

Thanks for taking the time to write all this up.

Anonymous said...

+1 for a topmost bar instead of the current dialog.

Multiuser situations have to be properly worked out, though.

Rafael said...

On the second screenshot, what's the phishing/spoofing risk?

Is there a way that infobar can be an iframe and capture someone's username and password? Other attack?

Myk said...

Thanks for all your comments and the info on the shift-del and focus-then-click shortcuts. A few notes:

Per Mike, I've now filed bugs 327044, 327047, and 327048 on the issues.

re: few users having multiple accounts on a site, that's probably true, but it doesn't account for invalid saved username/password combos due to typos or bad memory. The pre-submit modal save password dialog exacerbates this problem, since it makes you choose whether to save the password before you know if it's correct, but even with that fixed, I suspect users will continue to sometimes save incorrect credentials.

re: making this happen in Firefox 2, I can't say at this point. It all depends on whether someone (perhaps me, but not necessarily so) will have the time to do it.

re: the use of the word "unfamiliar", yes, I do mean "new" passwords (those on neither the "saved passwords" list nor the "don't save these passwords" list).

re: Firefox not saving passwords when login attempts fail, in my experience almost all failures return normal-looking HTML pages with regular HTTP response headers, and Firefox doesn't detect that those pages reflect login failures. Perhaps my experience is atypical, but I use popular sites like Amazon, eBay, and Paypal, so I suspect it isn't.

Anonymous said...

Good idea but shouldn't the bar be the same color as the tab bar?

Yellow means caution, and seems best reserved for extension installation.

Dao said...

somehow related:
http://blogs.msdn.com/ie/archive/2006/02/13/531367.aspx

Anonymous said...

Your bar for choosing a login made me think of Ping's anti-phishing proposal:
http://usablesecurity.com/2006/02/08/how-to-prevent-phishing/

Gerv

Anonymous said...

Did you rip the code from Netscape 8?
It does it exactly like this in a yellow bar at the top....

They call it an AutoFill 'Passcard' and the system works quite well.

I suggest everyone download Netscape 8+ and see all the neat things they have added to the Firefox 1.0.7 code-base. For some reason long-time Netscape users hate the 'new Netscape', but I think Firefox 1.5 users would be pleasantly surprised..

Anonymous said...

I have been frustrated with this same issue and this seems like a good solution. PROCEED!

The Masterbaker said...

Good idea myk,

what's this "download netscape 8" thing? fool me once...

Myk said...

No, I didn't take the code from Netscape 8. In fact, I haven't written any code at all yet. Those screenshots are just mockups.

Anonymous said...

If I choose "never remember" when I am first asked to save a password is there a way to change my mind?

Myk said...

Yes, you can change your mind by going to Preferences, clicking the Privacy icon, selecting the Passwords tab, clicking the View Saved Passwords button, selecting the Passwords Never Saved tab, and then selecting the site from the list and then clicking the Remove button to remove it.

Anonymous said...

i tried the password never saved area and there's no forms listed. I'm using 1.5.0.1

Suryavanshi said...

You've solved my Password dilemmas. Thanks. Hopefully this will be part of Firefox 2.0

Hans said...

for the most comprehensive handling of passwords and identities you might benefit from taking a look at the features in www.roboform.com. Personally, Roboform is one of the main reasons I have for sticking with Windows and not Linux.

Anonymous said...

WOW, very very great Ideas!!
One idea further: firefox should be able to remember Passwords at vBulletin Boards.

Stephen said...

i definitely agree. in fact, i just googled "password firefox not saving" HAHA.

Paul Irish said...

Problem 2 is a big one and that change would be huge. Looking forward to it becoming reality.

Anonymous said...

Fantastic idea

Anonymous said...

Ehm, you do know that if you doubleclick a username field it gives you all the usernames it has stored information for in a dropdown? If you go to a site where firefox has usernames and passwords stored just doubleclick the username field and it will list all usernames you ever used and it has information stored. No need to guess letters.

cc said...

Excellent suggestions here!

Regarding multiaccounts:
So many sites use a cms with both frontend login as well as a backend/admin login.

You'll end up with one password for site.com and a separate one for site.com/admin.

Today, Firefox 1.5 will remember each of these logins, even though identical user/pass, and present both logins as separate choices - no matter if you're accessing site.com or site.com/admin.

This should be a bit more customizable. I like the topbar suggested here.

Anonymous said...

How about telling us where to download this..god

Casey Watson said...

There are a few sites that I use quite often that firefox doesn't even offer to save the password on.

http://wellsfargo.com and http://schwab.com are two examples.

Has anyone discovered a workaround for this? It would be nice if firefox autofilled the login on these sites.

thomas at said...

What happened to this idea? I was really looking forward to it being in firefox 2.0 :(

Myk said...

Thomas,

I was looking forward to it too, but unfortunately it turned out to be more technically complicated to implement than we had anticipated, and in the end we were unable to land the improvements in time for Firefox 2. We still care about the enhancement, though, and I hope we can get it in for Firefox 3. For the details, see bug 226735.

Anonymous said...

I also agree. Firefox's password manager is also somewhat unwieldy.

Liz said...

Re Firefox's clunky and often unusable password "manager"... 2 words - use Opera!

mesmerX said...

...or to save anyone time, just have one default password and username for every site.

Some people really overdo it for having different passes for every site they have. Not necessary. Unlikely your pass will leak.

Anonymous said...

I agree with most of your premises; however, I disagree that it should show the logins for the site. The reason being that the current way firefox works creates a "security by obscurity" sort of thing...unless you understand that clicking on the login field reveals the id, you won't know the person's id. Once you get an id for one site, chances are they use that same id (and probably password) on almost every site.

Also, I think the popup blocker uses java/javascript to display the message, rather than the modal that is currently being used. This might pose some security risks, as I've noticed that firefox doesn't always block popups properly.

Otherwise, think the ideas are good. I found your site trying to figure out how to get the password manager to re-remember the password for a site. Unfortunately, it's no longer displaying the password remembrance modal, and it's really frustrating.

Anonymous said...

RE Re Firefox's clunky and often unusable password "manager"... 2 words - use Opera!

Does Opera come with AdBlock Plus, and to a certain extent more importantly, Google Browser Sync? When it does, I'll consider it on my Linux/Windows machine (understand now why GBC is important?).

For now though, Opera does a good job on my cell phone as well as Nintendo Wii.

Anonymous said...

i have a problem, that i can doubleclick or hundredclick on username field and firefox won't show me any choices i get no drop down, and i have always to type the whole username to get the password field filled in

then for some weeks it worked, i got the dropdown menu, but now again, it just does not work

any workaround?

DubX2 said...

> There are a few sites that I use quite often that firefox doesn't even offer to save the password on.
>
> http://wellsfargo.com and http://schwab.com are two examples.
>
> Has anyone discovered a workaround for this? It would be nice if firefox autofilled the login on these sites.

Because it's a bank or other private site, it sends a line in the code that tells your browser to not remember the password for safety reasons

Dmitriy said...

Brilliant suggestions.

Additionally, they should allow a user to customize what the Master Password secures and when it is required to be used. I don't want to enter a Master Password every time I need to have Firefox auto complete a password for me. To me, this makes the remembering feature somewhat useless if you have a ridiculous number of different passwords. Why not just type it in yourself.

SOLUTION:
Only request a password when someone is trying to access the view save passwords list. This would be an option that the user has the option of enabling. The people at Mozilla can incorporate several warnings that would have to be okay'd before the option is enabled saying something along the lines of "***WARNING** If a website does not mask their password entry your password will be visible to the user!".

The biggest question: Why is this still not implemented?

Richard said...

I have been using Netscape for years, and just switched today from Netscape 8. Firefox will not fill in the password even after I am prompted to save it. I log out of the site, and go back to the log in screen, and the user name field will only display a value to fill in with after I type the first letter, and the password fill will do nothing. I am able to go into password manager and it does have the password and it is correct. But Firefox never fills it in. With Netscape, it always popped up the yellow bar at the top and I could select fill or fill and submit. Is there any way to use the Netscape password manager with FireFox?

Celi said...

I agree to those suggestions. And also I would add another thing to the list.

When you use last session feature which allows you to get back to where you've been last time browsing, it gets very hot in the beginning of the session.

Firefox loads bunch of windows at the same time and if you have master password set you get bunch of prompts for it. If not you will get bunch of other prompts for some sites that use the pop up box password entering (I use few of these). It is a heavy pop-up boxes overload :)

I think the whole password management thing needs rethinking in diverse usage scenarios...

Bartek

CLC Radio Backed Up said...

So, to put this in sort of a nutshell, what we're hoping for is the functionality of a SeaMonkey (or the "end-of-lifed" Mozilla 1.7.x) Suite with an Opera-like (albeit, Opera can sure improve its multi-form, multi-part UN/PW "remembering", too) url search filter. Is this the idea?

Anonymous said...

@villa: Your comment seems pithy in comparison to the larger sentiment here, in that I mean; most blogger/blogspot users have at least 2 UN/PW combos, as well as facebook and myspace. I have 1 each for business, school, teaching, family, and personal "fun". So, for me, that is about 5 sites already with 5 signons each. Can you say, "Multiple Personality"?

Anonymous said...

@percy. "...- From my experience not many users understand the whole Master Password stuff. I believe a metaphor would serve better the use of this feature. Like calling key a username/password pair, then the password manager becomes the keyring or key manager and the master password the key manager password or keyring password."

Great, now I think I understand it even less!

"- I don't remember right now if the first time a user accepts to store a password he is offered to set a Master Password."

Nope.

"- The prompt for the master password of the Software Security Device is confusing and it could also explain a little better what Firefox needs it for...."

I, personally, have never seen that one.

Ron of the net said...

In the "Options" link under "tools" exists a security tab. In the security tab, a box can be checked (or unchecked as the case may be) which allows the user to have a master password. "Double clicking" on the user name/password portion of a site will also bring up every user name/password saved on your computer for that site.

CosmicD said...

it's very annoying also when you have a site with a forum and a customer login (that are handled with separate php scripts)

then firefox always logs you in with your saved password even if you supply the forum login data in the fields.