"Remember passwords" cleared on browser restart about browser-addon HOT 52 CLOSED

This issue was a show stopper for me so I found a relatively simple work-around for it. You just have to have lock that preference so that it can't be updated by the extension. Unfortunately, the procedure to do this is less than obvious, but it does seem to work well (at least for the Windows version)

1. Create new or add to the file [Install Directory]\mozillla.cfg ( e.g. C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg ) exactly like the following (including the // on the 1st line):
   //
   lockPref("signon.rememberSignons", true);

2. Create new or add to the file [Install Directory]\defaults\pref\local-setting.js as follows:
   //
   pref("general.config.filename", "mozilla.cfg");
   pref("general.config.obscure_value", 0);

Again, it's critical that the 1st line of both files is just: //

3. Completely restart Firefox.

If all goes well, the setting will be greyed-out and selected and should be remain that way until the preference is unlocked.

from browser-addon.

Per my earlier comment and the discussion in PR #139 I thought it was reasonably clear what needs to be done in order to get an option for this behaviour merged in for a future version of the add-on so please start by understanding that comment and the current state of the abandoned PR and feel free to submit a fresh one or ask for clarification on any requirements that are unclear.

I'm not especially interested in revisiting the question of what most people would prefer the default behaviour to be but suffice to say my original decision is based upon a mixture of past training and experience in UX design along with several user-testing sessions to evaluate various aspects of the initial add-on installation experience and while I am happy to revisit old decisions in the light of new evidence, that's not been presented here so far and I do not feel it's an appropriate use of my time to go actively seeking out a re-evaluation of this specific point above all other areas in which the add-on requires improvement. If you'd like to discuss the UX in more detail please feel free to do so on the community forum but I'd like to keep this issue focussed on the agreed feature to enable this desired behaviour as an optional feature since this is something that can be achieved in the short to medium term.

from browser-addon.

"It may be possible to add an option for this behaviour in a future version of Kee if the demand is there."

Please add this option!
I use Firefox mostly as ned-martin. (I'm using TeamViewer a lot, when I'm working, and Firefox too, but I don't want to start KeePass when a TeamViewer session is running. So I store a lot of "not important" password in Firefox... for example websites running on localhost under development stage, or forum passwords, etc...)

from browser-addon.

Kee has to either control the setting or not. I've elected to control it since I think that is going to reduce confusion for 99% of users.

It absolutely does NOT have to control the setting. It works just fine with that setting enabled or disabled.

I don't understand what confusion you are referring to. Everybody knows how built-in save/update password prompt looks like and Kee shows totally different looking prompt under it's own toolbar icon...
If they don't want built-in prompts - they can disabled it in browser's settings, If they don't want Kee prompts, well, guess where do they disable that?
Like @Magneticdud mention, Kee (just like KeePass itself) is not for average user, don't need treat them as morons incapable of their own decisions..

Current implementation confuse 100% of users who want to use built-in password manager, because Kee disables that setting without user's consent.

P.S.
It would be fine if Kee disabled the setting once, on first install (not after update and definitely not on browser startup)

from browser-addon.

Can you simply add an option to Kee:
Advanced:
"Allow Firefox to save passwords as well (not recommended) [default: off]"

Then people like me can enable this feature and it will stop Kee from disabling the inbuilt password saving feature.

from browser-addon.

If someone wants to implement this, I'll include it a future Kee release.

Overall work required is:

1. Create a new configuration setting called "enableBuiltInPasswordSaving", defaulting to false
2. New checkbox/boolean option in the Advanced panel of Kee options with the following English string label: "Also allow your web browser's built-in password manager to save passwords (not recommended)"
3. Execute a call to browser.privacy.services.passwordSavingEnabled.set() each time the user changes the setting
4. At init time: Execute the line in KF.ts that calls "browser.privacy.services.passwordSavingEnabled.set" conditionally based upon the new config setting
5. At init time: If the new config setting is true, log a debug message stating that we didn't try to disable built-in password manager saving

For the record, I dug out the relevant Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1342584

Although https://blog.mozilla.org/addons/2017/11/20/extensions-in-firefox-58/ says "Over the next few releases expect to see Firefox show even more areas where an extension is in control of a browser behaviour along with options to revert back to a default state." it appears from Bugzilla that Mozilla's interpretation of "options to revert back to a default state" are (IMO) not going to be useful. So far each affected option simply includes a new button to disable the add-on which changed the setting. While partially addressing concerns about malicious add-ons changing new tab pages, search engine defaults and the like, this does nothing to help with the sort of fine-grained control being sought in this Kee issue.

from browser-addon.

My fix is using KeePassHelper as this critical show stopper bug (that the owner thinks is a feature) really bothers me.

In the end it's less sophisticated than Kee, as it's "read only" , but it's much better as it doesn't overtake login forms, having better compatibility with some websites with small forms.

Just last week i turned on an old pc with kee installed, and the firefox pm got disabled. Firefox sync reinstalled the extension and it rippled all over my computers. I took hours to restore the right setting in all my computers. Man, this bug it's like cancer, you think it's over, but it comes back when you never expect.

from browser-addon.

Yes but until the feature is not implemented, it's a serious usability bug

It doesn't matter how many hours of UX studies you did, or even if you have a PhD in UX , there isn't a single person in the world who thinks "oh I wish firefox could reset my settings at every startup without asking"

This bug should have been fixed in October 2017, as a maximum priority. Even me, a power user, i took like 3 days to realize that Kee was the malware disabling the password manager at every startup, i was blaming Firefox

from browser-addon.

I'm glad to finally figure out what's doing this. I have disabled Kee until this behavior changes. Like it or not, Kee is a power-user add-on. Anyone using it will recognize the difference between built-in password manager and Kee.

from browser-addon.

Let's not be ungrateful about the open source library, besides @luckyrat said that if anyone wants to implement it he'd include it. That said, I really wish it could be implemented soon (unfortunately I don't know enough to do it myself).

from browser-addon.

I'm not ungrateful, but with Firefox sync, the problem get compounded. Who wants the password manager disabled in Firefox for android? How many people are confused that suddenly firefox doesn't save passwords anymore without warning and without a fix?

And also, my KeePass password is like 60 characters, i am not unlocking the database if i just want to login into Reddit or other non critical websites

from browser-addon.

@bochove How much product design have you done? If my dad installs an addon to save passwords and it asks him to save passwords twice, he will for sure get confused and not know that the browser has two password stores. This is 100% the right decision on @luckyrat's part. It would just be nice if it didn't reset the option at startup every time.

from browser-addon.

That's a good point, maybe Kee can disable the option on installation and then not keep reverting it if the user changes it back.

from browser-addon.

Yeah, I'm sure I remember reading that it's on the Firefox TODO list to make this behaviour clearer. Essentially, Kee has to either control the setting or not. I've elected to control it since I think that is going to reduce confusion for 99% of users but I'm interested to hear of use cases that can benefit from using the built-in password saving feature at the same time. How serious for you is the impact of not being able to use both?

It may be possible to add an option for this behaviour in a future version of Kee if the demand is there.

from browser-addon.

The previous functionality (where the setting was disabled once on install, and I could then manually re-enable it and it would not be disabled again) was acceptable to me. It was annoying, but I could still use it.

Unfortunately the new functionality (where the setting is disabled every time the browser starts) makes it unusable to me.

The ideal situation I suppose would be a setting in KeeFox which controlled whether or not to keep using the inbuilt Firefox password saver (which you could default to off if you think that's how most people want it to be) and then people like me could change it so that we can continue to use the Firefox password saver.

My use case is this:

I use the built in password saving feature, along with a master password and Firefox sync, to save my passwords and sync them between my computers etc. Certain "more important" passwords that I want to be more secure about (such as internet banking or whatever) I don't save in the browser. I have set those to "never save" using Firefox's built in password saver's exclusion list. This is all very simple to do as it is all designed to work this way in Firefox.

I also use KeePass to save all my passwords. So I use KeeFox for these features:

• I do not normally login to KeePass. I only login when I need to
• If I am saving a new password, I login and use KeeFox to save that password
• I log in to KeePass and use KeeFox when I need to login to something which does not already have a saved password in Firefox, either because it is more secure and I don't use Firefox to save that password, or because I haven't used Firefox to login to that site before
• But for everyday things that I log in to all the time and which aren't particularly secure, i.e. random forums, various websites I manage, my web development work, etc., I use the inbuilt password saver as it works a lot better, is a lot quicker, automatically syncs between Firefox versions on different computers and my mobile devices, and means I don't need to leave KeePass unlocked all the time which is possibly a security issue.
• I also occasionally import all my saved Firefox passwords into a group in KeePass to handle the case where I've saved something into Firefox and not KeePass. The importer I use handles duplicates semi-well so doesn't usually import things twice, though it gets a bit messy sometimes but I just keep them in an separate group.

Additionally, the new version of KeeFox is not yet good enough to use as an everyday password saver as it does not auto-fill passwords and doesn't work with many types of passwords, whereas Firefox's password saver does.

from browser-addon.

With this behavior the plugin is unusable for me. I have to disable Kee until this is fixed.

I use Keepass only for sensitive passwords, but "useless" passwords like forums logins have to be saved on Firefox

from browser-addon.

Similarly, I save passwords on Kee and Firefox Sync as well, so I can access them easily on my mobile (otherwise it's a hassle). Since Kee now breaks this behaviour for me, I have also disabled it for now.

from browser-addon.

In my opinion, since anyway Firefox extensions can't copy the required DLL anymore, the average user must be expert. So if it's an "all or nothing" situation, just show a warning "it's better to disable firefox password manager"

Right now, for me this is a "show stopper" bug/feature which forced me to uninstall Kee and use KeePassHelper instead

from browser-addon.

Same demand here. I use keefox/keepass mainly to generate random passwords. I like the fact that the password are kept with keepass so that I can share them with chrome.
I consider that it is safe to let firefox store the password and have the feeling that it detects password fields better than keefox. If I had to choose between firefox's embedded password manager and keefox, I'll select the first one. Until very recent version I didn't need to choose.

from browser-addon.

In my case I have the problem, that my computer is not only used by me alone, but as well from other people.. With Keepass I have the opportunity, to store my very personal logins separate, so that other people who work on my desktop cannot see and use them.
But there are quite a few website logins, that the other people need to easily get access to. Therefore I would like the firefox "remember logins..." setting to be kept alive.
I remarked, when Kee in the firefox add-ons is disabled, the firefox setting stays as I want it to be.
Therefore I think, there could be an easy workaround for the problem.
When keepass is not started, we have a big red sign "off" over the kee icon on top of the screen. Depending on that, the mark in the firefox checkbox could be toggled on or off, weather keepass is started or not.
Just an idea, I'm not a programmer.
jupjup

from browser-addon.

With other plugins like KeePassHelper, there's no need to this. The user is deemed smart enough to decide to disable the built-in manager or not.

I switched to it, it's simpler and I don't need an extra plugin if I use KeePassXC

Is not as accurate as Kee to detect fields, but for me is enough

from browser-addon.

Definitely what @vanowm said. I got confused why my setting was being mysteriously disabled on every browser startup. Quite a lot of googling leaded me to this thread. Kee is a plug-in for power users, there is no need to treat them as incapable of turning some setting on and off my themselves.

from browser-addon.

And for who, like me, has lots of browsers syncing with Firefox Sync (my example: 15), it's a nightmare. A PC that did not login in a long time would still have keefox (old version) installed. The update changes the "remember passwords" setting in that Firefox, the setting propagate to all the browsers, and so on. THIS USER IS VERY PISSED ABOUT THIS SETTING. Doesn't make sense. I stopped using Kee the day after I discovered this BUG (yes, it's a serious BUG), and still after months, I still have the side effects with Sync.

from browser-addon.

For me it just sucks that while not having imported all passwords the browser stored ones are now lost.
I would think that such events should never occur.

Fortunatally changing the "Remember logins and passwords for websites" back on brings them back.

Still I too want to use both the browser remembering and Kee, untill then, no Kee for me.

from browser-addon.

+1 for a setting to control it, i rely also on both saving methods

from browser-addon.

@noiro777 Thanks for this fix! It's sad that @luckyrat is blind to the obvious truth that many users don't want his add-on doing unexpected stuff like changing preferences without notice or consent. Already 12 users here that want it to stop, I can only imagine the total number of confused users.

@ned-martin Perhaps you can add noiro777's solution to your OP, so other users can find it more easily?

from browser-addon.

Many people will get confused if their browser suddenly has two ways of remembering passwords. It'd be great if this were an option, but it's not yet. Luckily, @noiro777's solution works very well.

from browser-addon.

Give the choice (don't change setting) is better than force a choice (reset setting at every single start)

from browser-addon.

@skorokithakis Suddenly? Like all of a sudden you get another way to store your passwords, and no one knows how it got there?

Or would it be required to actively search for an add-on and manually install it? Would people installing that add-on not know what it is for? It is there to add, not replace.

Let me quote it's description:

Kee adds free, secure and easy password management features to your browser which save time and keep your private data more secure.

It does not say it replaces. So who could possibly be surprised you would get a second way to store your passwords after installing that add-on? What it does, is not add, it replaces.

from browser-addon.

@skorokithakis If you install it for your father, what would stop you from disabling the built in password saving feature? If he installs it himself, I'd expect him to know his way around.

from browser-addon.

And that's because you've never actually created a product and seen how easy it is to confuse the majority of users.

from browser-addon.

Let's be clear: there's no way that a computer illiterate (example: my dad) will install this addon as it requires to:

1. know what a password manager is
2. think "yes, i need a secure password manager"
3. install KeePass
4. know where KeePass is installed and manually add the plgx
5. create a password database and use a different password for every website
6. manually update the manually installed plgx when required

if the user has enough skill to do this, he is 110% able to go to firefox settings and disable the native password manager, if it bothers him

from browser-addon.

@skorokithakis Exactly what @Magneticdud says. Therefore anyone bothering with both options is either not surprised and capable of making that change himself or the person who installed that add-on has failed.

How big would that last category be? I seriously doubt that would be the majority.
Might a FAQ page that explains how to disable the built in one be a sufficient solution for those?

And restricting access to previously stored passwords without any user consent or warnings? IMHO that is worse then having two options to store.

Besides that, there is a solution, just not merged into production. Not sure what needs to be changed there before it can be merged though.

Edit:
I actually can imagine the computer illiterate installing this add-on without KeePass and or working integration with it. And then expecting to be done because you can (still) save passwords. That scenario is covered by disabling the default manager. That category might be bigger then anyone of us expects it to be.

from browser-addon.

besides @luckyrat said that if anyone wants to implement it he'd include it.

I've tried #139 , it went nowhere. Not wasting my time again with this addon.

P.S. I don't understand why anyone is defending current implementation...before this ridiculous abomination what keefox become (thanks mozilla), it did ask for user consent before disabling built in password storage with a prompt, where user could opt out.

from browser-addon.

Maybe a donation may motivate @luckyrat more! ;-)

from browser-addon.

Here, here!

from browser-addon.

vanowm wrote:

By opening options page upon first install should be enough for the user to decide if they want this setting still be enabled or not. Since it will be user's decision about that setting, the addon won't need to worry about what to do with it upon enable/disable. Also worth keeping in mind that KeePass is not something any user can use, it requires some level of computer knowledge, therefor that whole confusion for people you are worry about is too insignificant

@luckyrat says:

It sounds like you're putting forward a similar argument that I've heard in other cases: "Getting Kee to work in the first place is confusing so there is a certain required level of technical knowledge, experience or intelligence in order to use it anyway, therefore we don't need to worry too much about introducing new questions/settings/steps/behaviours that only a subset of people are able to understand". Have I understood you correctly?

If that's the case, then I'm afraid I don't really feel the same way. [...] Not a justification for an unlimited number of further cognitive barriers being put in place.

So restricting access to previously entered passwords is not a cognitive barrier, changing the default behavior of a browser without notice and user consent is not a cognitive barrier.
Leaving default behavior as is and or showing an options page where you can set options. Those simple things apparently are an unlimited number of cognitive barriers.

I can't follow that logic, can't follow that at all. The fact that this thread exists is IMHO enough proof that the first are cognitive barriers. And big enough to find the correct place to complain about them.

And if I understand it correctly, it are these unlimited cognitive barriers that prevent luckyrat from accepting the (perfectly well functioning?) pull request issued by @vanowm
If that is not the case, please enlighten us to what it is that keeps this functionality from being accepted here.

from browser-addon.

By the way, in Ubuntu, the mozilla.cfg file needs to go in /usr/lib/firefox. The other file should be called local-settings.js and go under defaults/browser/preferences.

from browser-addon.

Textbook example of "it's not a bug, it's a feature!"

from browser-addon.

It is a feature, though, and it can be an option. @luckyrat is right on this, we should just implement the option and that should be it.

from browser-addon.

Any news on this one?

from browser-addon.

it won't be fixed, because between "force a change at every boot and say to the user F**K YOU, you use the browser as I say" and "never change this option", apparently the best option is the first.

I really don't understand how this addon is popular, this bug renders it unusable

from browser-addon.

Switch to waterfox and use "proper" pre-webextension version of this addon

from browser-addon.

@rsobon @Magneticdud
Have you seen this comment? It provides an easy workaround for kee to be unable to change this feature making this addon usefull again. Not how it should be but given that this addon is only used by people that know how to follow such instructions it should not be a problem to implement :-)

from browser-addon.

Yes i know, but the main issue is that i use Firefox sync with 10 devices and that workaround gives many headaches, especially on android (plus i need to waste 2 hours to do that on all my computers, hoping that won't break in future firefox updates)

from browser-addon.

This issue was a show stopper for me so I found a relatively simple work-around for it. You just have to have lock that preference so that it can't be updated by the extension. Unfortunately, the procedure to do this is less than obvious, but it does seem to work well (at least for the Windows version)

1. Create new or add to the file **_[Install Directory]\mozillla.cfg_**  ( e.g. **_C:\Program Files (x86)\Mozilla Firefox\mozilla.cfg_** )  exactly like the following (**including** the **//** on the 1st line):
   _//
   lockPref("signon.rememberSignons", true);_

2. Create new or add to the file **[Install Directory]\defaults\pref\local-setting.js**  as follows:
   //
   pref("general.config.filename", "mozilla.cfg");
   pref("general.config.obscure_value", 0);

Again, it's critical that the 1st line of both files is just: //

1. Completely restart Firefox.

If all goes well, the setting will be greyed-out and selected and should be remain that way until the preference is unlocked.

Is this still only workaround ?
I'm using keefox and looks like interference between autofill and keefox still keep this ugly behaviuour.

from browser-addon.

Apparently according to the maintainer, forcing a preference down the throat of the user is good UX.

I am no expert in UX design, so i have no say, but looks like "is more user friendly" if the only way to prevent that is locking that preference, making it accessible only to the 0.00001% of the Firefox users.

For me this is a breaking bug that stopped me completely to use the extension and uninstall it from all my browsers + all the browsers in my company + all the browsers i am keeping for my family. I suggest keepasshelper, the user experience is similar to what was keefox before october 2017.

from browser-addon.

Our arguments for having the choice were based around the requirement for sufficient it knowledge in order to be able to install this add-on. The same applies to making use of this workaround. Applying this workaround is not any harder then installing the add-on. Still not user-friendly and proper UX design if you ask me, but it is workable.

Anyways, if that percentage would be correct, then this add-on would only be used by 25 people. As there are no more then 250M in total. The majority of them already in this thread it appears.

from browser-addon.

That's why it doesn't make sense. If this plugin targets people that have IT knowledge, why does it force the preference? I have 10 different browsers linked with firefox sync, which is easier between:

1. applying the workaround manually in each of 10 computers, hoping that an update doesn't break it. And give up password saving on Android, because the workaround doesn't work there.

2. uninstall the extension and use something else

from browser-addon.

Uh,

Did I put a flame to discussion - rhetoric question of course :-)
From user perspective there is no sense in preventing of use two 'password managers'.
And it is not easy to find this workaround - that is first.
Agree that keefox and lockwise are not tools for IT people only - this is second.
I'm curious what lucyrat think about this after year since his post.

from browser-addon.

I'm curious what lucyrat think about this after year since his post.

If this issue still exits, than it's obvious they think current implementation is the way to go.

from browser-addon.

Given that Firefox have fixed the original issue here, there is now a discussion on the wider community forum about this behaviour and that the challenges MV3 will pose mean that the suggested implementations of 4 years ago are not certain to be workable anymore, I am closing this issue.

As explained in the forum, I understand that the underlying desire to control this behaviour with a new option within Kee is still important for some users and am not ignoring that request.

Hopefully the various operating system and browser workarounds mentioned in that topic and earlier in this issue can allow you to get by until we are able to revisit this.

from browser-addon.