Jump to content

Browser extension: Ignore asking for saving credentials


Recommended Posts

Hi all,

 

I've some websites on which the Passwordstate browser extension is asking me all the time if I'd like to save a password. This happens e.g. when there are different password fields on a website, like when you manage users with a password field, this will happen all the time. After every form submit Passwordstate is asking if the password should be saved. This is very annoying. If you click "Ignore" (screenshot below), it leads to prevent Passwordstate from filling the form as well.

There's currently no way from stopping the browser extension to ask for saving passwords and still let it fill the form.

 

grafik.png.e7b1d1bcb221e5c0fae9066e79c6f18a.png

 

I really would like, if clicking on "ignore" would only prevent asking for saving passwords, but would not stop filling the form. For me it really doesn't even make sense to ask at this point about stop filling forms and I think this is not really obvious as well (that clicking on this ignore button, after entering credentials, will lead to stop filling of other credentials in the form on this site). I guess it's not only confiusing for me and I guess that many people unintended stopped the browser extension from filling the form by clicking on ignore there.

 

From my opinion these are two completely different things:

1. Prevent Passwordstate from filling forms: I think it's good to have this as a user preference setting as it is right now.

2. Prevent Passwordstate from asking about saving a password: I think this should be handled in the browser extension.

 

So here's my actual feature request:

 

1. Clicking on "ignore" on the screenshot showing above should not stop Passwordstate from filling any forms. Instead it should just stop asking for saving passwords.

 

2. I really would wish to have something like a checkbox or a switch displayed in the browser extension. There I could control if I would like have Passwordstate asking me to save passwords on the current site (should be enabled by default). A little mockup below, sorry for bad paint skills ;-)

 

grafik.png.3d61a0fa68b76714f1e6e04ed4f82432.png

 

If you like this feature request, please post a "+1", highly appreciated!

 

All the best,

 

Fabian

 

 

Link to post
Share on other sites
  • 1 month later...
  • 2 weeks later...
  • 2 weeks later...
  • 3 months later...

Thanks for your answer and explanation! I'm really looking forward to version 9 and try to follow all your blog enties and news on facebook as well :-)

 

I'm not sure if I understood that right. You'll rename the "Close" button to "Later" and the "Ignore" button to "Never", is that right? Will there also be a change in the behaviour (except letting the icon turn blue)? If the question would still be "Add Site to Passwordstate?", answering with "Never", leading to ignore form filling, wouldn't be that obvious to me (as the question isn't about ignoring at all ;-) )

Link to post
Share on other sites

Hi Fabian,

 

Below will be the change - top one is V8, and bottom one is V9. So what you are saying with button names is incorrect.

 

We receive an enourmous amount of support calls where customers to not realise the 'Ignore' button will add the URL to the 'Ignored URL' list. So we need to change this, because it does not seem obvious to customers.

 

Do you have any other suggestions - keeping in mind we can only use single words, because of dialog realestate?

 

before.png

 

after.png

Link to post
Share on other sites

Thank you for providing the screenshots and explanation.

 

Am I right that clicking on the new "Never" button will not add the URL to the 'Ignored URL' list anymore?

How can I undo the action after pressing the "Never" button? Like, if I would like to let the browser extension asking me again to save passwords for this site?

 

 

Link to post
Share on other sites

Hi Fabian,

 

The 'Never' button will add the URL to the Ignored URL list - that's our way of tracking which sites not to (Never) form fill credentials on the screen.

If you need to remove an Ignored URL, you do this in Passwordstate - on the screen Preferences -> Browser Extension tab.

It is also possible to specify Ignored URLs globally for all users, on the screen Administration -> Browser Extension settings. But the Never button adds it on your own Preferences screen.

Regards

Click Studios

Link to post
Share on other sites

From my point of view, these are two complete different things: form filling and asking to save a credential.

Currently these two things are bound together. If you would like to stop the browser extension for asking to save a credential, there's no way to do this without also stoping it to fill the form.

For some sites, I really would like to stop it asking me again and again to save a credential, but this is not possible without also stoping form filling.

 

What I wanted to say before: If you just rename the button from "Ignore" to "Never" and still do the same, I would bet, that it's even more confising to the most users.

The question in the dialog is "Add Site to Passwordstate?" and the answer is "Never". I would expect, that the browser extension would stop asking me about to save the credential. Of course it will do that, but it also will stop filling my forms. But I never told the browser extension to stop filling the form (this was not intended, not asked and not obvious), I just wanted the browser extension to stop asking me to save a credential, when I clicked on "Never" (or Ignore as in the current version).

As you said that you are receiving "an enourmous amount of support calls", I'm guessing that I'm not the only person who got confused about that.

 

I really would like to have these to things separated and that's why I opened this Feature Request.

 

Best regards,

 

Fabian

Link to post
Share on other sites
  • 2 weeks later...

Another +1 for me, relating to Fabian's last comment. There should be two different functions for:

 

- Stop auto-filling passwords on this page

- Stop asking to save the password on this page

 

There are lots of pages where I DO want PasswordState to fill the username/password fields but I DON'T want it to ask me to save the password every time.

Link to post
Share on other sites

Hi Greg,

 

With your comment of "There are lots of pages where I DO want PasswordState to fill the username/password fields but I DON'T want it to ask me to save the password every time", are these any sites we can test with?

If you have a credential saved for a web site, and it's auto-filling, it's not meant to prompt you again to save the password when you login.

Regards

Click Studios

Link to post
Share on other sites

Hi buddies,

 

On 12/11/2020 at 11:49 PM, support said:

With your comment of "There are lots of pages where I DO want PasswordState to fill the username/password fields but I DON'T want it to ask me to save the password every time", are these any sites we can test with?

 

That's exactly what I mentioned in my first post in this thread ;-)

On 5/11/2020 at 8:20 PM, Fabian Näf said:

...This happens e.g. when there are different password fields on a website, like when you manage users with a password field, this will happen all the time.

 

If you need to have a website to test this out, go to developer.service-now.com register there to get a test instance of ServiceNow. In ServiceNow you can update any record with a password field. For instance, where you open a user record or when you created a record for a "Update Source", there's a password field as well.

After submiting any of these pages, the Password state extension will ask you to save a credential.

 

Best regards,

 

Fabian

Link to post
Share on other sites

Hi Fabian,

 

I've just signed up for an account, and it appears the URL for logging in is different compared to after you have logged in i.e. in changes from https://signon.service-now.com/ to https://developer.servicenow.com/dev.do

 

Do you see the same thing, because the different URLs could explain why it's prompting you to save?

 

In Passwordstate, if you go to the Actions menu for the Password record and select "Link Account to Multiple Web Site URLs", if you add in other URLs here like https://developer.servicenow.com/dev.do, does this solve it for you? You will need to log out of your extension and then back in to test this.

 

Or maybe a better option is to add https://developer.servicenow.com/dev.do as an Ignored URL, and then it won't prompt you to save any logins for this URL, or accidently form fill any fields whilst you are logged into Service Now.

Regards

Click Studios

Link to post
Share on other sites

I think there's a missunderstanding...

I wasn't writing about the logon form of the developers page itself. My answer was related to any ServiceNow instance.

After you have registered on the developer.servicenow.com page you can request your own ServiceNow instance. When you got your own ServiceNow instance and you have logged in to that instance (and saved your logon credential), you can go to the users or any other page in ServiceNow, where you have a password field and you'll get the experience of asking you again and agian and again to save a password ;-)

51 minutes ago, Fabian Näf said:

In ServiceNow you can update any record with a password field. For instance, where you open a user record or when you created a record for a "Update Source", there's a password field as well.

 

Link to post
Share on other sites

Hi Fabian,

 

We are not familiar with these Instances you are referring to sorry. Can you check if the URLs for the instances are different to any URL you have saved in Passwordstate?

 

If the URLs are an exact match, you should not see prompts to save again - unless there is a bug we need to try and reproduce.

Regards

Click Studios

Link to post
Share on other sites

The stored URL in Passwordstate exactly matches any other URL in Passwordstate. E.g. I have the following URL stored:

https://dev73199.service-now.com/

(this one is not active anymore)

 

To get your own instance you just have to click on "Request an Instance" on the left side of the page, after loging on to developer.servicenow.com. Then you have to choose a version (doesn't matter) and click on request. After some seconds you'l get an url, username and password to logon to your own ServiceNow instance. Then you can test it out by yourself.

Link to post
Share on other sites

Another example when I get the prompt and the Passwordstate extension unnecessarily asks me to save the credential: When I logon to the Citrix page of a customer, I have to enter a OTP in a second step. After submiting the OTP I'm getting the prompt. Unfortunately I can't share this URL and credentials with you but I hope you've some other two-factor pages like this, with a password field for the second factor.

 

@GregSmidI hope you have some other public available pages which you can share with us to have some more examples.

Link to post
Share on other sites

I've just tried to login to Service Now again, and can see an additional prompt when logging in with the OTP code - this would be happening, because we're detecting a different account here i.e. not the email address. After logging in, it's telling me I'm no longer authorized, so cannot really do much more testing :(

 

I guess we will need to work on more options here for customers, as it's quite difficult to cater for the many variations that web sites like Service Now provide.

Regards

Click Studios

Link to post
Share on other sites

Hi guys, found an example of an external site that prompts me to save creds even though they're already saved in PasswordState (and in fact I used the PS browser plugin to log in).

 

https://uptimerobot.com

 

URL as saved in PS: https://uptimerobot.com/login

 

Browser Form Field Username: userEmail

Browser Form Field Password: userPassword

 

 

Link to post
Share on other sites

Hi Greg,

 

We also use that site, and do not see this prompt. We have the URL in Passwordstate stored as https://uptimerobot.com. I then tried it with it stored as https://uptimerobot.com/login, and neither of these prompted me to save the credentials after I logged in.

I've tested this in Chrome and Firefox. Can you tell us what browser you are using, and what versions? We'll check if it has something to do with this.

Regards

Click Studios

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...