keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0
1.78k stars 188 forks source link

Password save banner disappears too quickly or does not appear at all on some sites #1831

Open dafadllyn opened 1 year ago

dafadllyn commented 1 year ago

The banner that lets one save or update a password disappears too quickly on some sites (e.g. amazon.com, outlook.com) and does not appear at all on some other sites (e.g. gmail.com, microsoft365.com, icloud.com).

Setting 'Number of allowed redirects' to infinite does not help.

Debug info

KeePassXC - 2.7.4 KeePassXC-Browser - 1.8.4 Operating system: Windows 11 (10.0.22621 Build 22621) Browser: Firefox 109.0

droidmonkey commented 1 year ago

Go to the extension settings and increase the redirect count. It's near the bottom.

varjolintu commented 1 year ago

@droidmonkey The redirects were already set to infinite as the issue text says. So let's reopen this.

droidmonkey commented 1 year ago

Whoops, missed that bit

YellowOnion commented 1 year ago

Definitely an issue with the page refreshing or redrawing, the embedded password generator is a liability at this point.

Hold up why is number of redirects set to 1 as a default? Dumb defaults like this piss me off, specially when other UX features encourage you to generate passwords in the page and then you just lose the password after you sign up to the service, I don't even understand the point of this feature, why would you want to artificially lower the redirect limit.

varjolintu commented 1 year ago

@YellowOnion The whole setting exists because some users wish that the banner is always visible until dismissed, and some want it displayed only once after login and not with further redirects. Just giving a possibility to configure it as you like. The latest version 1.8.5 increased the default value to 3.

@dafadllyn If the banner doesn't display at all, it's probably because the form submit hasn't been detected properly.

Artiom-M commented 1 year ago

The same problem with google accounts on Vivaldi browser. I've tried to mark fields manually: doesn't help.

spacegaucho commented 1 year ago

If functionality is all you guys care about then there's a work-around that practically makes the banner unnecessary.

image

bburdette commented 11 months ago

trying to log in to yahoo email. set redirects to infinite, the value there appeared to have defaulted to 1. didn't help; the dialog gets nuked after page refresh.

would be nice if the last entered creds were available to be saved after this happens, like through a right click menu item on an extension icon.

droidmonkey commented 11 months ago

I wonder if a lot of these issues are related to the generic ID of the banner @varjolintu

varjolintu commented 10 months ago

I wonder if a lot of these issues are related to the generic ID of the banner @varjolintu

Might be. Gotta fix that asap.

Rincemac commented 10 months ago

Since it also just happened (again) to me, too, I have to add my 2 cents here.

When using the "classic" KeePass and its browser extension I never faced these user unfriendly UX issues. You cannot expected a user to "anticipate" the banner getting nuked when creating a new login. Especially when, as recommended, using the random pw generator to apply a random PW.

This frequently happens on KeePassXC browser plugin on various sites. To expect someone to set "redirects", when the standard setting is set unecessarily set to "1" even it is tantamount to "how to have a bad user experience". It's counterintuitive and might compel to not use the random generator. When using it, user doesn't know (and shouldn't) the password - neither will they remember a string of random chars - so the pw is lost from the get-go.

I am and advanced / expert level user and it still gets me all the time, especially since the banner is nuked either way on some sites at random.

I just had to "recover PW" on a newly created account for this very reason (Autodesk site) - please fix it, it's very annoying and an immediate turn-off to use XC random PW generator as one should do in good practice.

Some points for possible better UX:

KeePass classic (2.x) has its extension icon "pulsating" immediately after new credentials are applied and would be available to save as a new entry. This compels a user to click it and then have them (immediately) saved to a new entry. I am amazed XC doesn't copy this behaviour, since it works pretty well.

Possible Solutions in XC browser extension UX:

varjolintu commented 10 months ago

KeePass classic (2.x) has its extension icon "pulsating" immediately after new credentials are applied and would be available to save as a new entry. This compels a user to click it and then have them (immediately) saved to a new entry. I am amazed XC doesn't copy this behaviour, since it works pretty well.

This was the original implementation. This caused users to miss the whole new credentials prompt because it was hidden under the popup. And it also forgot the settings, or user wanted to use the normal popup instead of storing new credentials.

* once a user creates a _new account_, **immediately offer to save a new credential entry**. Why not make the banner permanent (if possible, or at least visible as long as possible) **until dismissed by user** - To alleviate user complaints, why not reverse mechanic and have an option in Settings to "dismiss new entry banner after X seconds" (?)

The banner should be displayed until it's dismissed if the option is set to infinite. We are doing improvements to this feature, sooner or later.

Rincemac commented 10 months ago

Thanks for the notes, appreciate the reply - despite having infite set sometimes the banner gets mysteriously killed - this especially happens when some sites reload what I suppose to a different subdomain or similar. Ie when the "create account" form seems to be on a totally different subnet or maybe even domain.

The right click method is usually also not valid here since you're prompted on some sites to have password created/entered after confirming mail (or these are handled in two separate steps, ie first email field -> confirm -> create password -> confirm.

I find that the banner getting lost is happening especially with these two-step sites. Autodesk (https://tinkercad.com) just was a culprit here if you want some sites for testing maybe.

Hope you'll find what's causing this, and good hunting 🐞

varjolintu commented 10 months ago

Thanks for reporting a site where this can be easily reproduced. That already helps.