New issue
Advanced search Search tips

Issue 626298 link

Starred by 3 users
Status: WontFix
Owner: ----
Closed: Sep 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

Understand reauthentication issues for viewing passwords on Windows 10

Project Member Reported by vabr@chromium.org, Jul 7 2016 
Issues like  bug 347825  and bug 574581 point out that Windows 10 users might have troubles reauthenticating for viewing passwords in settings. In particular, Chrome is reported to be requesting "Windows" password but actually expecting "MS Account password" ( http://crbug.com/347825#c73 ).

As a first step before tackling this issue (one suggestion is, e.g., http://crbug.com/574581#c3), we should understand how often these issues happen.

This bug tracks adding suitable tracking, likely via UMA. In particular, we could:
 * look at the frequency of PasswordManagerPresenter::IsUserAuthenticated returning false
 * calculate the ratio of Win 10 users who use MS account password as opposed to a local Windows password (it is apparently easy to set this up by accident and hard to undo)

Comment 1 by daveyy.k...@gmail.com, Jul 20 2016 

To me there are a couple of issues here:

1. No password set
Users who have no password set (ie. they use a local Windows account with no password set) are unable to view saved passwords.

2. Enterprise - UPN with domain-joined PCs
If the alternate User Principal Name (UPN) is different from the AD Domain Name, an attempt to reveal a saved password in Chrome results in a "Logon Unsuccessful" message. If the UPN is changed back to the AD Domain Name, it works. The prompt to reveal passwords does not allow the user to alter the username and enter the correct UPN.

3. Microsoft vs Windows account
Users who sign into Windows with their Microsoft account (ie. not a local Windows account) are confused by the prompt which requests their Windows password, this needs rephrasing to make it clearer for users who sign in with a Microsoft account.

4. Pin entry
Related to #3 but users who use a pin to sign into Windows (instead of their Microsoft account password) are not able to use the pin to show passwords, they instead need to use their Microsoft account password.

I felt it would be good to summarise.

Comment 2 by vabr@chromium.org, Jul 21 2016 

Thanks a lot for the very helpful comment in #1!

I started an internal discussion with other engineers to see what our next steps in this will be.

Comment 3 by vabr@chromium.org, Sep 28 2016

Status: WontFix (was: Available)
There has been a couple of other bugs. Two issues were identified and one fixed (bug 641836 open,  bug 630317  fixed).

Sign in to add a comment