Password manager doesn't update username when selecting a password
Reported by
booc0mt...@gmail.com,
Dec 21 2017
|
|||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36 Steps to reproduce the problem: 1. save several username/password combos on a simple form in the password manager 2. note that when selecting a username or password from the list, both fields are marked as yellow, and change content 3. type an unrecognized username, and then select a password from the password manager What is the expected behavior? The username and password fields would update appropriately. What went wrong? Only the password field changes, leaving the existing username as what was typed. This means that it will attempt to use one username, with some other account's password, which is bad practice if it works, and misleading if it doesn't. Did this work before? N/A Does this work in other browsers? Yes Chrome version: 63.0.3239.108 Channel: stable OS Version: OS X 10.12.6 Flash Version: This is especially troublesome for sites that use a two-step password scheme. any hidden field encoding the username doesn't get updated, so there's no indication to an end user what is the problem.
,
Dec 22 2017
Tried testing the issue on mac 10.12.6 using chrome reported version #63.0.3239.108. Attached screen cast for reference. Following are the steps followed to reproduce the issue. ------------ 1. Navigated to https://jsfiddle.net/oo8bsq7b/ 2. Entered and saved few usernames and passwords. 3. Again opened the url and clicked on username. 4. Observed that on clicking the saved username, password did not populate. reporter@ - Could you please check the screen cast and please let us know if anything missed from our side. Thanks...!!
,
Dec 22 2017
Hi there, It's a slightly different issue actually. I forgot to append an update to the test url, which slightly simplifies the situation (https://jsfiddle.net/oo8bsq7b/2/) so apologies for that! this new URL removes the POST, which will allow the browser to store the username and password to reproduce the issue. If you take a look at the attached gif (01.gif), you can see a demonstration of this particular issue. I've attached a video in case that gif doesn't work
,
Dec 22 2017
Thank you for providing more feedback. Adding requester "krajshree@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 22 2017
And now it appears that JSFiddle has changed their behavior when testing this behavior. let's stick with the URL in Comment #1. Once chrome prompts to remember the password, it should update both fields when using the UI.
,
Dec 27 2017
Able to reproduce this issue on reported version 63.0.3239.108 and on latest canary 65.0.3305.0 using Windows 10, Ubuntu 14.04, Mac 10.13.1 with link given in comment#0 This issue is seen from introduction of key icon to save password from M63. Hence considering this issue as Non-Regression and marking as Untriaged. Thanks!
,
Jan 9 2018
Actually, I believe this is working as intended. In some cases, Chrome can save the wrong username (or an empty one). To allow the user to attach the saved password to a correct username, Chrome won't overwrite the username when filling from the password field. Adding kolos@ to double-check if my understanding is correct.
,
Jan 9 2018
yes, it works as intended because as a user typed the username the dropdown from the password fields shouldn't override the username typed manually.
,
Jan 9 2018
So, to check my understanding, this behavior is defined by the fact that chrome sometimes corrupts the associated username? It seems odd that a failure-behavior in username detection would define overall password manager behavior... I don't have any stats, but I do feel that it's worth investigating the use cases around this behavior. For instance: - how frequently do users mistype their username, thus resulting in a bad pairing? - behavior with two-step login flow where the the username and password fields are on different pages (I raised this issue b/c one might assume the hidden username would update) - users that have multiple accounts, and wish to switch between them by clicking the password field, having typed the username manually. I trust you all know the story around this better than I though! Thanks for your time. |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by booc0mt...@gmail.com
, Dec 21 2017