browserpass / browserpass-legacy

Legacy Browserpass repo, development is now happening at:
https://github.com/browserpass/browserpass-extension
MIT License

Do not replace already filled inputs #180

Closed ashkitten closed 6 years ago

ashkitten commented 6 years ago

When filling a form, browserpass should not replace inputs that are already filled.

For instance, on a form to change my primary email address, I used browserpass to fill in the password field, but it also changed the first email address field to my username for the website, which was not what I wanted.

maximbaz commented 6 years ago

This is a little controversial, because there are websites that try to be smart and preserve the username that was last used for login (e.g. adobe.com). If you have two accounts on such a website, you'd be confused about why, when you select account2 in browserpass, the password for account2 was filled in but the username remained account1. What you will see is that you are unable to log in, as the username doesn't match the password.

maximbaz commented 6 years ago

So I thought a little bit more about it, and until we have other use cases I'm inclined to close this as "by design".

Argument 1: Browserpass is designed to work well for login forms (especially recently, I added a lot of code to detect login forms more precisely). In the example you describe you are dealing with a different page, not a login form, so it's kind of acceptable that browserpass behaves in a non-optimal way.

Argument 2: The change made by browserpass was visible to you. It was annoying, yes, but you noticed it and could fix it manually.

The example that I mentioned deals with a login form (following argument 1, this is a primary scenario for us). If browserpass fills the password but keeps the wrong username unchanged, the error from the website "your password is invalid" would be very confusing for users. Few will think to clear the inputs and try again; most will think that their password was changed and they forgot to update their password store (or that they were hacked).

Thoughts, objections? 🙂
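The trade-off argued in this thread, as an added example that is not browserpass code and not part of the original discussion: three fill policies ("overwrite", "skip-filled", and "login-only", which overwrites only on login forms) run against two constructed forms, a login form where the site pre-filled the last-used username (the adobe.com case) and a change-primary-email form (the reporter's case). The form model is plain objects rather than the DOM so it runs in Node, and `isLoginForm` is a heuristic assumed for this example only; browserpass's actual login-form detection is not shown on the page. Field names and credentials are made up.

```javascript
// Added example, not browserpass code. Simplified form model: an input is
// { name, type, value } and a form is an array of inputs.

const USERNAME_TYPES = new Set(["text", "email"]);

// Assumed heuristic for this example (not browserpass's detection logic):
// a login form has exactly one password field and exactly one username-like field.
function isLoginForm(form) {
  const passwords = form.filter((i) => i.type === "password").length;
  const users = form.filter((i) => USERNAME_TYPES.has(i.type)).length;
  return passwords === 1 && users === 1;
}

// Fill `form` with `creds` ({ username, password }) under one of three policies:
//   "overwrite"   - always write into the first username-like and password fields
//   "skip-filled" - write only into fields whose current value is empty
//   "login-only"  - "overwrite" on login forms, "skip-filled" everywhere else
// Returns a copy of the form plus the names of the fields that were actually changed.
function fillForm(form, creds, policy) {
  const effective =
    policy === "login-only" ? (isLoginForm(form) ? "overwrite" : "skip-filled") : policy;
  const out = form.map((i) => ({ ...i })); // never mutate the caller's form
  const changed = [];
  const write = (idx, value) => {
    if (idx < 0) return; // no such field on this form
    if (effective === "skip-filled" && out[idx].value !== "") return;
    if (out[idx].value === value) return; // already correct, nothing to report
    out[idx].value = value;
    changed.push(out[idx].name);
  };
  write(out.findIndex((i) => USERNAME_TYPES.has(i.type)), creds.username);
  write(out.findIndex((i) => i.type === "password"), creds.password);
  return { form: out, changed };
}

// Would the form submit the username/password pair that belongs together?
// This is the check the site's "your password is invalid" error boils down to.
function credentialsMatch(filled, creds) {
  const user = filled.find((i) => USERNAME_TYPES.has(i.type));
  const pass = filled.find((i) => i.type === "password");
  return Boolean(user && pass) &&
    user.value === creds.username && pass.value === creds.password;
}

// Constructed sample forms (not real sites' markup).
// 1. Login form where the site pre-filled the username last used (adobe.com case).
const stickyLoginForm = [
  { name: "username", type: "email", value: "account1@example.com" },
  { name: "password", type: "password", value: "" },
];
// 2. Change-primary-email form (the issue reporter's case).
const changeEmailForm = [
  { name: "current_email", type: "email", value: "old@example.com" },
  { name: "new_email", type: "email", value: "" },
  { name: "password", type: "password", value: "" },
];
// Constructed credentials for the second account.
const account2 = { username: "account2@example.com", password: "hunter2-for-account2" };

// Run every policy against both forms; returns the results keyed by policy.
function demo() {
  const results = {};
  for (const policy of ["overwrite", "skip-filled", "login-only"]) {
    results[policy] = {
      login: fillForm(stickyLoginForm, account2, policy),
      changeEmail: fillForm(changeEmailForm, account2, policy),
    };
  }
  return results;
}

for (const [policy, r] of Object.entries(demo())) {
  console.log(`${policy}: login form changed ${JSON.stringify(r.login.changed)},` +
    ` credentials match: ${credentialsMatch(r.login.form, account2)}`);
  console.log(`${policy}: change-email form changed ${JSON.stringify(r.changeEmail.changed)}`);
}
```

Under "skip-filled" the sticky login form ends up with account1's username and account2's password, which is exactly the mismatch the maintainer describes; under "overwrite" the change-email form's first email field is clobbered, which is the reporter's complaint. "login-only" avoids both on these two forms, but only as well as the login-form heuristic holds, so a misclassified form reintroduces one of the two failure modes.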