Feature request: Password manager should use font that allows to distinguish otherwise indistinguishable characters
Reported by
mr.ber...@gmail.com,
Sep 26 2017
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Steps to reproduce the problem: 1. Save a password with a lower-case L, an upper-case i, and so forth 2. Retrieve it, e.g., to enter it on mobile What is the expected behavior? You can tell L and i apart. What went wrong? You cannot. You need to select the password, copy it, paste it into notepad. Only then can you tell what is an L and what is an i. Did this work before? N/A Chrome version: 61.0.3163.100 Channel: stable OS Version: 10.0 Flash Version: This is related to Issue 532949 , which deals with avoiding the above characters when generating passwords. However, the underlying problem is not password generation - because you may want to store a password that you cannot change, but which does have these characters in them. Changing the display font to some fixed-width, programmer-friendly font would be useful.
,
Sep 27 2017
Untriaged it so that issue gets addressed.
,
Sep 27 2017
Assigning to Max for getting UX decision.
,
Oct 9 2017
Here's a screenshot: - Look at the letter better "r" and "b". Is it lowercase L (ell) or capital I (eye)? - The last letter. Is it capital O (oh) or digit 0 (zero)? Just using a different font is going to improve the usability a lot.
,
Oct 9 2017
By the way, Android Chrome does this already. I cannot attached a screenshot, though, as Chrome seems to forbid this on view-password pages.
,
Oct 9 2017
Mac Chrome uses a sans serif font that makes lowercase L and capital I indistinguishable.
,
Oct 10 2017
That sounds reasonable to me. "Roboto Mono" would be a good candidate. It's a monospaced addition to Roboto and optimized for differentiation of: - Digit ‘1’, lowercase ‘l’ and capital ‘I’, - Zero "0" and the letter ‘O’ and - Periods and commas. Preview attached. +melandory@chromium.org Do you know if Roboto Mono is included in Chrome on all platforms? Which font are we using on Android? Thanks!
,
Oct 13 2017
+various people to take a look for the various platforms. I guess on Mac/Windows/Linux we need to go with other defaults than "Roboto Mono", but on Android and WebUI that's probably fine.
,
Oct 17 2017
For the bubble on desktop we explicitly set font only on Mac for the editable password (not combobox) and that font is the system font (used for button labels, menu items across all apps). Adding asvitkine@ to comment if we include any font with chrome.
,
Nov 3 2017
It looks like we do include at least some fonts with Chrome, for example Roboto for webUI: https://cs.chromium.org/chromium/src/ui/webui/resources/roboto/ Not sure if we ever do something like that for native fonts, though.
,
Jan 26 2018
,
Jun 11 2018
Could we use the platform-specific, monospaced fonts that are used in DevTools? macOS - Menlo Windows- Consolas Chrome OS - DejaVu Sans Mono
,
Jul 24
Adding the default monospace font for Linux: Linux - DejaVu Sans Mono
,
Jul 24
Assigning to Jan for chrome://settings/passwords. I think it's the most important piece out of the 3. I'll handle desktop.
,
Aug 2
,
Aug 16
Yue, please have a look after the Ctrl-Z problem.
,
Sep 11
Do we only want to change the font for the password, or should the new font applies to the username as well?
,
Sep 12
Some designer should probably answer that, but from my user's perspective, I *know* my username, so there's no confusion. It's the generated passwords where I can be confused about the 1 and l and 0 and O.
,
Sep 12
Only for passwords I think.
,
Sep 20
Usernames are typically easier to read in regular (variable-width) fonts. The monospaced font should only apply to passwords.
,
Sep 25
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/aa92361bbfa4354c9bda028115e2cd67a2a8efcd commit aa92361bbfa4354c9bda028115e2cd67a2a8efcd Author: Yue Cen <rsgingerrs@chromium.org> Date: Tue Sep 25 00:34:55 2018 Password manager: Use different font for the password field. Fonts that are applied on different platforms: macOS - Menlo Windows - Consolas Chrome OS - DejaVu Sans Mono Linux - DejaVu Sans Mono This can help user distinguish some characters such as 'l' and 'I'. Bug: 768825 Change-Id: I74416fe4fc327ff992d162a7c4ad427c18ee07b5 Reviewed-on: https://chromium-review.googlesource.com/1220373 Reviewed-by: Scott Chen <scottchen@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Yue Cen <rsgingerrs@chromium.org> Cr-Commit-Position: refs/heads/master@{#593775} [modify] https://crrev.com/aa92361bbfa4354c9bda028115e2cd67a2a8efcd/chrome/browser/resources/settings/passwords_and_forms_page/password_edit_dialog.html [modify] https://crrev.com/aa92361bbfa4354c9bda028115e2cd67a2a8efcd/chrome/browser/resources/settings/passwords_and_forms_page/password_list_item.html [modify] https://crrev.com/aa92361bbfa4354c9bda028115e2cd67a2a8efcd/chrome/browser/resources/settings/settings_resources.grd
,
Dec 4
,
Dec 15
Attaching screenshots for changes due to https://chromium-review.googlesource.com/c/chromium/src/+/1378643.
,
Dec 17
Attaching screenshot for masked password state after change from https://chromium-review.googlesource.com/c/chromium/src/+/1378643
,
Dec 18
maxwalker@: One question was brought up in the discussions in CL 1378643: whether the color of the password should be consistent whether it's a label or a combobox. Currently, it's more black for combobox (kGoogleGrey900, default color), and more grey for label (kGoogleGrey700, explicitly set to lighter shade of grey). CL: https://chromium-review.googlesource.com/c/chromium/src/+/1378643 I'm attaching a combobox screenshot to this post so it's easier to compare.
,
Dec 18
The difference in text color is correct: static labels should use GG700 to indicate that they aren't clickable/editable while input fields and combo boxes should use GG900.
,
Dec 20
Edin, don't forget to update PasswordGenerationPopupViewViews (it's a generation prompt).
,
Dec 20
,
Jan 10
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/dfb35c5985c749f1f12574dbf02a0ff8e9dfe5b3 commit dfb35c5985c749f1f12574dbf02a0ff8e9dfe5b3 Author: Edin Kadric <edin@google.com> Date: Thu Jan 10 09:25:29 2019 Use monospaced font for passwords in password manager bubble. This sets the label to a monospace font depending on the OS: MacOS - Menlo Windows - Consolas Chrome OS - DejaVu Sans Mono Linux - DejaVu Sans Mono Also involves changing the font list caching in resource_bundle.cc to receive typeface as parameter and add it to the caching key, instead of only supporting a default font. Support for comboboxes will be added in a future CL (which will be able to reuse some of the work done here). Tested on Mac. I have a Linux workstation that I will test it on next, but I don't have Windows and ChromeOS. Screenshots attached to corresponding bug: https://bugs.chromium.org/p/chromium/issues/detail?id=768825 Bug: 768825 Change-Id: Ie94cec7045dafd1346263c383ca08edd5560d8f5 Reviewed-on: https://chromium-review.googlesource.com/c/1378643 Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org> Cr-Commit-Position: refs/heads/master@{#621517} [modify] https://crrev.com/dfb35c5985c749f1f12574dbf02a0ff8e9dfe5b3/chrome/browser/ui/views/chrome_typography.h [modify] https://crrev.com/dfb35c5985c749f1f12574dbf02a0ff8e9dfe5b3/chrome/browser/ui/views/chrome_typography_provider.cc [modify] https://crrev.com/dfb35c5985c749f1f12574dbf02a0ff8e9dfe5b3/chrome/browser/ui/views/passwords/password_items_view.cc [modify] https://crrev.com/dfb35c5985c749f1f12574dbf02a0ff8e9dfe5b3/ui/base/resource/resource_bundle.cc [modify] https://crrev.com/dfb35c5985c749f1f12574dbf02a0ff8e9dfe5b3/ui/base/resource/resource_bundle.h
,
Jan 16
Attaching screenshots for change in https://crrev.com/c/1413376.
,
Jan 17
(6 days ago)
Screenshots for changes due to https://crrev.com/c/1417230. Notice the difference in the letter 'i'.
,
Jan 17
(6 days ago)
Would be nice to see the difference between I, l and 1 ;-)
,
Jan 17
(6 days ago)
You can see the difference between "1" and "I" in the previous screenshots, I'm just missing the "l". For this last one, I think those characters are never part of the suggested password, so I was just pointing out "i" because it is clearly different between the two :).
,
Jan 17
(6 days ago)
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7fd06f286bab3bdb6d43a92471f4297cf0722b42 commit 7fd06f286bab3bdb6d43a92471f4297cf0722b42 Author: Edin Kadric <edin@google.com> Date: Thu Jan 17 15:17:50 2019 Use monospaced typeface for password generation pop-up. Screenshots are attached to the associated bug. Bug: 768825 Change-Id: I4ef44762a1131e33abff437bb8f3cd074d2aa482 Reviewed-on: https://chromium-review.googlesource.com/c/1417230 Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Edin Kadric <edinkadric@google.com> Cr-Commit-Position: refs/heads/master@{#623687} [modify] https://crrev.com/7fd06f286bab3bdb6d43a92471f4297cf0722b42/chrome/browser/ui/views/passwords/password_generation_popup_view_views.cc
,
Jan 17
(6 days ago)
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/91089a56fba63f474670db9a25742b9965022ee3 commit 91089a56fba63f474670db9a25742b9965022ee3 Author: Edin Kadric <edin@google.com> Date: Thu Jan 17 16:03:35 2019 Change Combobox to accept context and style, and set it to monospaced for password manager bubble. As part of this change I had to change Combobox's GetFontList to not be static anymore as well as the callers of that function. Screenshots attached in associated bug: https://crbug.com/768825 Bug: 768825 Change-Id: Ib1b2868232b1b50bd7adc9f2fad8a857981fbd65 Reviewed-on: https://chromium-review.googlesource.com/c/1413376 Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org> Commit-Queue: Edin Kadric <edinkadric@google.com> Cr-Commit-Position: refs/heads/master@{#623696} [modify] https://crrev.com/91089a56fba63f474670db9a25742b9965022ee3/chrome/browser/ui/views/page_info/page_info_bubble_view.cc [modify] https://crrev.com/91089a56fba63f474670db9a25742b9965022ee3/chrome/browser/ui/views/page_info/permission_selector_row.cc [modify] https://crrev.com/91089a56fba63f474670db9a25742b9965022ee3/chrome/browser/ui/views/page_info/permission_selector_row.h [modify] https://crrev.com/91089a56fba63f474670db9a25742b9965022ee3/chrome/browser/ui/views/passwords/password_pending_view.cc [modify] https://crrev.com/91089a56fba63f474670db9a25742b9965022ee3/chrome/browser/ui/views/textfield_layout.cc [modify] https://crrev.com/91089a56fba63f474670db9a25742b9965022ee3/ui/views/controls/combobox/combobox.cc [modify] https://crrev.com/91089a56fba63f474670db9a25742b9965022ee3/ui/views/controls/combobox/combobox.h
,
Jan 17
(6 days ago)
Good point regarding 'I' and '1' never used. Dominic, Max: is there an appetite to revisit the policy given that the font in all the desktop UI was changed? Ioana: can you ensure that the Android UI (settings, infobars) uses a special font for passwords?
,
Jan 17
(6 days ago)
Do you think that a user can clearly delineate the characters even if they don't see the other ones (e.g. if you only see '1' do you know whether it is a number or a character)? I am a bit sceptical but would be interested in Max' opinion.
,
Jan 17
(6 days ago)
I think the answer is yes for l, L, I, 0. However, I think 1 could still be mistaken for l, and O could still be mistaken for 0 (but not the other way around).
,
Jan 17
(6 days ago)
I thought the assumption behind fixing this bug was that the user can.
,
Jan 17
(6 days ago)
I agree with Dominic. Using the monospace font helps a lot, but it's still significantly more difficult to identify one of the ambiguous characters at a glance than it is to identify a non-ambiguous one.
,
Jan 17
(6 days ago)
,
Jan 18
(5 days ago)
In Settings on Android we currently uses a special font, but it might have a problem with 0 and O (see example in screenshot). The infobars don't currently show passwords, but I'll keep it in mind. The modal dialog for generation needs changing.
,
Jan 21
(2 days ago)
Reassigning to change the generation dialog on Android. |
||||||||||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||||||||||
Comment 1 by ligim...@chromium.org
, Sep 26 2017