Hacker News new | ask | show | jobs
by bakhy 1282 days ago
This is quite easy to reproduce. Wow.

IMO they should just remove the password generator feature. It's barely usable, and with this behavior it's just dangerous.

Why barely usable? Some really simple features are missing. I miss the ability to specify password requirements - for annoying sites which specify length, require so and so many these and those types of characters, or even forbid some types. And another one is that it's not possible to manually generate a password, not even in the password storage UI, when manually adding a new entry. So, if a site did not correctly declare a password field, which happens, you must generate a password yourself somehow.
3 comments
weird-eye-issue 1282 days ago
> This is quite easy to reproduce. Wow.

If you read the page you would see it is functioning by design and the bug was closed 3 years ago. Not saying that is the proper behavior, but that would explain why you can reproduce it.

link
amelius 1282 days ago
I use the feature all the time, and I'm happy with it. Please don't remove it.
link
haasted 1282 days ago
Why do you find the feature "barely usable"?
link
Ayesh 1282 days ago
It is a hit or miss, as some password fields don't get this. However, I personally fund it useful and use it about 100/% of the time in new signups/resets when available.
link
mnoorenberghe 1282 days ago
I believe you can right click in any type=password field to bring it up with the heuristics didn’t detect it as a new password field.
link
riskable 1282 days ago
Yeah that's the problem though: A lot of websites don't set the password field to "type=password" or they don't set the second (verify) password field like that. Why do they do this? Either the web developer didn't really know what they were doing or they were given some very unique requirements (e.g. need to work with a legacy framework).
link
richardwhiuk 1282 days ago
Password is leaked. Firefox continues to suggest the same password, because there's no random generation.
link
kijin 1282 days ago
Wrong. There's random generation, and each randomly generated password is pinned to the site where it was generated. When you navigate to a different site, Firefox will generate a new password. There's no cross-site leaking.
link
darkwater 1282 days ago
Password is leaked and you want to change it all in the same browser session/tab since you created it for the 1st time? I mean, technically you could be living with the same tab opened for months but...
link
haasted 1282 days ago
I meant in addition to the issue being discussed.

> It's barely usable, and with this behavior it's just dangerous.

link