Report CVC fields as not passwords |
|||
Issue descriptionChrome needs to understand when an <input type="password"> field is used for verification numbers on credit cards (CVC). It has a local heuristic which is not particularly reliable. It has no automatic ways to generate autofill server hints about CVC and for parsing password forms currently also ignores manually added field classifications as CVC. This tracks the work to improve Chrome's reliability in detecting CVC fields. There is a (Google-only, because talking about internal server support) design doc: https://docs.google.com/document/d/15VCazN-8FjeApxK66zoidLEgbJMGNAWekR22vfVxeDA/edit?usp=sharing The steps tracked here are the following: (1) Finish the above design and get it approved. (2) Ensure that CREDIT_CARD_VERIFICATION_CODE hints from the server lead to <input type="password"> fields being ignored by password manager. (3) Add overrides for popular sites with this issue (e.g., bug 770708), if needed. (4) Teach Chrome to send a CREDIT_CARD_VERIFICATION_CODE vote for forms which have a "password" field with 3-4 digits values and another field classified as credit card number. (5) After some time after (4), check that the data gathered on the server leads to correct predictions. (6) If data looks good (check, in particular, if bug 860700 was fixed), remove the IsFieldCVC-related code from components/password_manager/core/browser/form_parsing/form_parser.cc. (7) Optionally, also add sending the CREDIT_CARD_NUMBER vote, if we see that it would improve the current quality of classifying CC card numbers (which is already high) and not lead to reinforcing bad classifications.
,
Nov 28
Status: Step (1) -- the design is not completely finished, it lists some alternatives and potential challenges. Step (2) -- is implemented in https://crrev.com/c/1353939 The rest is a TODO. I am leaving the team, so returning this bug to the Available ones.
,
Nov 28
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/19d24af125962b4b40c75ee11f90a7238ec8f3b6 commit 19d24af125962b4b40c75ee11f90a7238ec8f3b6 Author: Vaclav Brozek <vabr@chromium.org> Date: Wed Nov 28 17:27:12 2018 New password form parser: CREDIT_CARD_VERIFICATION_CODE The autofill server may issue CREDIT_CARD_VERIFICATION_CODE hints for fields. These should be used by password manager to understand that a CVC field is not a password field. The old parser had this functionality (see IsPredictedTypeNotPasswordPrediction), although it generally did not have the data at the right time. This CL teaches also the new parser to understand that server hint. Bug: 899331 Change-Id: Iddff8c03014ca9cf26ace5d259e33a56eaec1d1d Reviewed-on: https://chromium-review.googlesource.com/c/1353939 Commit-Queue: Vaclav Brozek <vabr@chromium.org> Reviewed-by: Vadym Doroshenko <dvadym@chromium.org> Cr-Commit-Position: refs/heads/master@{#611749} [modify] https://crrev.com/19d24af125962b4b40c75ee11f90a7238ec8f3b6/components/password_manager/core/browser/form_parsing/form_parser.cc [modify] https://crrev.com/19d24af125962b4b40c75ee11f90a7238ec8f3b6/components/password_manager/core/browser/form_parsing/form_parser_unittest.cc
,
Yesterday
(43 hours ago)
|
|||
►
Sign in to add a comment |
|||
Comment 1 by vabr@chromium.org
, Oct 26