Password save banner disappears too quickly or does not appear at all on some sites

[dafadllyn]

The banner that lets one save or update a password disappears too quickly on some sites (e.g. amazon.com, outlook.com) and does not appear at all on some other sites (e.g. gmail.com, microsoft365.com, icloud.com).

Setting 'Number of allowed redirects' to infinite does not help.

Debug info

KeePassXC - 2.7.4 KeePassXC-Browser - 1.8.4 Operating system: Windows 11 (10.0.22621 Build 22621) Browser: Firefox 109.0

[droidmonkey]

Go to the extension settings and increase the redirect count. It's near the bottom.

[varjolintu]

@droidmonkey The redirects were already set to infinite as the issue text says. So let's reopen this.

[droidmonkey]

Whoops, missed that bit

[YellowOnion]

Definitely an issue with the page refreshing or redrawing, the embedded password generator is a liability at this point.

Hold up why is number of redirects set to 1 as a default? Dumb defaults like this piss me off, specially when other UX features encourage you to generate passwords in the page and then you just lose the password after you sign up to the service, I don't even understand the point of this feature, why would you want to artificially lower the redirect limit.

[varjolintu]

@YellowOnion The whole setting exists because some users wish that the banner is always visible until dismissed, and some want it displayed only once after login and not with further redirects. Just giving a possibility to configure it as you like. The latest version 1.8.5 increased the default value to 3.

@dafadllyn If the banner doesn't display at all, it's probably because the form submit hasn't been detected properly.

[Artiom-M]

The same problem with google accounts on Vivaldi browser. I've tried to mark fields manually: doesn't help.

[spacegaucho]

If functionality is all you guys care about then there's a work-around that practically makes the banner unnecessary.

• By functionality I mean, the ability to save the password (before the page refreshes) without loosing it after a first login/set password prompt.
• Workaround: type in your user and password, then right click on the user/password textfield and select the KeePassXC-Browser, and then hit Save Credentials.

[bburdette]

trying to log in to yahoo email. set redirects to infinite, the value there appeared to have defaulted to 1. didn't help; the dialog gets nuked after page refresh.

would be nice if the last entered creds were available to be saved after this happens, like through a right click menu item on an extension icon.

[droidmonkey]

I wonder if a lot of these issues are related to the generic ID of the banner @varjolintu

[varjolintu]

I wonder if a lot of these issues are related to the generic ID of the banner @varjolintu

Might be. Gotta fix that asap.

[Rincemac]

Since it also just happened (again) to me, too, I have to add my 2 cents here.

When using the "classic" KeePass and its browser extension I never faced these user unfriendly UX issues. You cannot expected a user to "anticipate" the banner getting nuked when creating a new login. Especially when, as recommended, using the random pw generator to apply a random PW.

This frequently happens on KeePassXC browser plugin on various sites. To expect someone to set "redirects", when the standard setting is set unecessarily set to "1" even it is tantamount to "how to have a bad user experience". It's counterintuitive and might compel to not use the random generator. When using it, user doesn't know (and shouldn't) the password - neither will they remember a string of random chars - so the pw is lost from the get-go.

I am and advanced / expert level user and it still gets me all the time, especially since the banner is nuked either way on some sites at random.

I just had to "recover PW" on a newly created account for this very reason (Autodesk site) - please fix it, it's very annoying and an immediate turn-off to use XC random PW generator as one should do in good practice.

Some points for possible better UX:

KeePass classic (2.x) has its extension icon "pulsating" immediately after new credentials are applied and would be available to save as a new entry. This compels a user to click it and then have them (immediately) saved to a new entry. I am amazed XC doesn't copy this behaviour, since it works pretty well.

Possible Solutions in XC browser extension UX:

• once a user creates a new account, immediately offer to save a new credential entry. Why not make the banner permanent (if possible, or at least visible as long as possible) until dismissed by user - To alleviate user complaints, why not reverse mechanic and have an option in Settings to "dismiss new entry banner after X seconds" (?)
• it might also be a good addition to have an button option in the PW generator itself. ie. "Save credentials" to immediately do it when applying this random password to a new account (-> this would also be usable when updating to a new random pw with an existing account)?

[varjolintu]

KeePass classic (2.x) has its extension icon "pulsating" immediately after new credentials are applied and would be available to save as a new entry. This compels a user to click it and then have them (immediately) saved to a new entry. I am amazed XC doesn't copy this behaviour, since it works pretty well.

This was the original implementation. This caused users to miss the whole new credentials prompt because it was hidden under the popup. And it also forgot the settings, or user wanted to use the normal popup instead of storing new credentials.

* once a user creates a _new account_, **immediately offer to save a new credential entry**. Why not make the banner permanent (if possible, or at least visible as long as possible) **until dismissed by user** - To alleviate user complaints, why not reverse mechanic and have an option in Settings to "dismiss new entry banner after X seconds" (?)

The banner should be displayed until it's dismissed if the option is set to infinite. We are doing improvements to this feature, sooner or later.

[Rincemac]

Thanks for the notes, appreciate the reply - despite having infite set sometimes the banner gets mysteriously killed - this especially happens when some sites reload what I suppose to a different subdomain or similar. Ie when the "create account" form seems to be on a totally different subnet or maybe even domain.

The right click method is usually also not valid here since you're prompted on some sites to have password created/entered after confirming mail (or these are handled in two separate steps, ie first email field -> confirm -> create password -> confirm.

I find that the banner getting lost is happening especially with these two-step sites. Autodesk (https://tinkercad.com) just was a culprit here if you want some sites for testing maybe.

Hope you'll find what's causing this, and good hunting 🐞

[varjolintu]

Thanks for reporting a site where this can be easily reproduced. That already helps.