browserpass / browserpass-legacy

Legacy Browserpass repo, development is now happening at:
https://github.com/browserpass/browserpass-extension
MIT License

Refining filter mode #293

Closed wallace11 closed 5 years ago

wallace11 commented 5 years ago

General information


Exact steps to reproduce the problem

  1. Name your password "kde bugs.gpg"
  2. Go to https://bugs.kde.org
  3. No matching passwords found for bugs.kde.org.

What should happen?

Unless the file name explicitly says bugs.kde.org, the extension wouldn't recognize it outside of search mode. Filter mode should be quick and easy, but it requires naming all the passwords as the exact domain they're for, which sounds to me a little bit too much. I think it should at least detect "KDE Bugtracker", "KDE", "KDE Bugs" etc...

If it wasn't clear, I was using KDE Bugtracker as an example. This happens with all websites.

maximbaz commented 5 years ago

Hi there, this is by design: one of the primary focuses of browserpass is to protect you against phishing attacks. That's why the entries that you see in filter mode are only those that explicitly match the current domain.

If a malicious person makes you open "https://bugs.kde.com", you don't want browserpass to show you the entry "kde bugs".

If you create an entry "kde.org.gpg", it will show up on "kde.org" and "bugs.kde.org"; if you create an entry "bugs.kde.org.gpg", it will show up on "bugs.kde.org" but not "kde.org".

If you press Backspace and switch back to the search mode, in the eyes of browserpass you officially waive your protection against phishing attacks and you are on your own; browserpass will happily show you all possible entries you have in your password store.
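
The filter-mode rule described in the comment above, written out as an added example (not browserpass's own code), next to a model of the looser matching the issue asks for. The function names, the sample store, matching on the file's base name only, and the rule that a single-label name cannot act as a parent domain are assumptions made for illustration.

```javascript
// Added illustration; not browserpass code. All entry names are constructed.
const STORE = ["kde bugs.gpg", "kde.org.gpg", "bugs.kde.org.gpg", "org.gpg"];

// Base name of a password-store path without ".gpg", lower-cased.
function entryName(path) {
  return path.split("/").pop().replace(/\.gpg$/i, "").toLowerCase();
}

// Strict rule from the thread: the entry name is the current host or a parent
// domain of it. The "." prefix forces the comparison onto a DNS label boundary,
// so "kde.org" does not match "evilkde.org".
function matchesHost(path, host) {
  const name = entryName(path);
  host = host.toLowerCase();
  if (host === name) return true;
  // Assumption: a single-label name ("org") may not act as a parent domain,
  // otherwise it would be offered on every host under that suffix.
  return name.includes(".") && host.endsWith("." + name);
}

// Model of the looser matching requested in the issue: every word of the
// entry name appears somewhere among the host's labels.
function fuzzyMatches(path, host) {
  const labels = host.toLowerCase().split(".");
  return entryName(path).split(/[\s._-]+/).every((w) => labels.includes(w));
}

// Entries a popup would list for a page URL under the chosen matcher.
function filterEntries(entries, pageUrl, matcher = matchesHost) {
  const host = new URL(pageUrl).hostname;
  return entries.filter((e) => matcher(e, host));
}

// Legitimate site versus the look-alike domain named in the thread.
for (const url of ["https://bugs.kde.org/", "https://bugs.kde.com/"]) {
  console.log(url, "strict:", filterEntries(STORE, url),
    "fuzzy:", filterEntries(STORE, url, fuzzyMatches));
}
```

Under the strict rule the look-alike host gets an empty list, while the fuzzy model offers "kde bugs.gpg" on both hosts because word matching ignores the registrable domain.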

maximbaz commented 5 years ago

Just a heads up, the next major version of browserpass will remember which passwords you used on which domains and show them next time in the popup.

So if you have a password entry called KDE Bugs.gpg and you navigate to bugs.kde.org, at first, just like today, browserpass will not show KDE Bugs among the list of passwords (to protect you from phishing attacks). However, if you specifically search for KDE Bugs and use it to log in, next time you open bugs.kde.org the entry KDE Bugs will be present in the popup.