Unfortunately, Chrome cannot save different passwords for different device IPs. Many users get their device IPs assigned via DHCP so we would break the password manager for them if we started to do this. Sorry.

That's annoying, as there are router passwords on some of the web pages, which silently get overwritten by chrome, and if I alter any other setting on the web page and save the settings, the router password can be changed on me, and everything then breaks horribly. I don't know that this has happened, as the passwords are just *'s on the web page

How does chrome tell that one site is different from another if it doesn't do it by dns name or IP? The password manager looks to be storing the site dns name along with the passwords (or the IP address, if the dns name wasn't used).

Sorry, I misunderstood you. I thought you tried to save different passwords depending on the IP address of the computer running Chrome.

So you are saying that if you have a router http://192.168.1.1 and a router https://192.168.2.1 then Chrome will override the passwords between?

that should be http://192.168.2.1 (not https).

Or do you use DNS entries for your devices?

Yes. All devices have unique and different IP addresses and DNS entries. I usually use dns entries, but when I connecting to a router that is having problems, and I don't have full connectivity, I do use IP addresses. The problem occurs both with DNS and IP based logins. 

I can see the different passwords have been stored correctly by chrome, but chrome doesn't always use the correct one.  I can't reliably reproduce this, but it does happen often. I have seen the wrong passwords overwriting a form field, that does have have the correct password set in the html value= for the form field. 

The common factors are that the login names are always the same, and the web pages on the devices are always the same. Passwords aren't swapped between different web pages (that I am aware of). 

There are passwords for authenticating between routers, not the login passwords of the routers, and login passwords for the routers. They don't seem to be being mixed up. I have managed to get devices communicating again by using a password from one of the other routers. This suggests that the passwords are only being swapped between identical html forms, even though the dns entries are different.


I have also had problems logging in, even though the correct password was saved in chrome. I then use that correct password to successfully login, by overwriting the password chrome fills in and I always get asked to update the saved password, even though I can see it was correctly saved before hand. Sometimes saving the password fixes the problem for the next login and sometimes doesn't.

Looking at my chrome passwords, the username for passwords embedded in forms look to be just numbers. As there aren't user names for these passwords, I assume chrome is assigning one.  

These form based passwords are for things like snmp authentication, wireless passwords between routers, ssh keys, routing protocol authentication, ... 

CC'ing battre@chromium.org for further inputs on this issue..

Thanks..!  

Ok, I have total information overload and cannot follow what you are trying to describe.

Can you share how the DNS entries of your devices look like? Chrome has logic to share credentials between different subdomains such that www.facebook.com and m.facebook.com can share their credentials. If your devices have DNS entries like that, it could be a root cause.

Can you clarify whether you type the credentials for a device A into the web interface of a device B? That would also cause problems because Chrome would not know that the credentials are associated with A. It would save them for B.

Two screen shots of the password entries, the first by DNS entry and the second by IP.  Different entries, same login name.

Login web pages are all identical for routers of the same type, as they run the same firmware. I was wondering if the html being identical is part of the problem.

Same for the configuration web pages. They are identical html between routers of the same type, with just the settings in the forms changing.

Form fields with passwords, like the following, will have the default password passed in in the "value=". This gets silently changed by chrome, and is invisible to me, as the form just displays *'s in the field. 

        <td class="f-left" colspan="3"><input type="password" class="config pwd i_wpapsk" name="wpa_key" id="wpa_key" value="xyzabc12345" req="1" callback="validateWpaKey" maxlength="63" realname="WPA passphrase (minimum 8 printable ASCII chars, maximum 63)" autocomplete="off"/></td>

Deleted: Screen Shot 2018-07-06 at 09.57.50.png 78.9 KB

	Screen Shot 2018-07-06 at 09.57.50.png 78.9 KB View Download

Deleted: Screen Shot 2018-07-06 at 09.59.15.png 54.6 KB

	Screen Shot 2018-07-06 at 09.59.15.png 54.6 KB View Download

Thank you. This makes it much clearer to me. It suggests that the problem is related to our sub-domain matching.

The only short term workaround at the moment would be to use different usernames (ubnt-wikk-b10). I'll discuss this with others. It's an edge case that keeps coming up with admins and is less of a problem for most users.

I can confirm this bug and from my testing, it seems to only affect sites from the same sub-domain.