passwords not showing up ??? Topic is solved
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
-
- Fanatic
- Posts: 108
- Joined: 2017-08-11, 22:11
passwords not showing up ???
has anyone else have the problem of passwords not showing up after the newest PM upgrade? Now I have to keep entering my password every time. My list of passwords are still there, but there not showing up.
Re: passwords not showing up ???
Have you read the release notes? They popup in a tab on every upgrade. Could have saved you the time to create a thread and ME to reply to it.
Last edited by New Tobin Paradigm on 2018-01-16, 15:02, edited 1 time in total.
-
- Fanatic
- Posts: 108
- Joined: 2017-08-11, 22:11
Re: passwords not showing up ???
Oh Thank you, I did read the release notes, but somehow missed that.
Re: passwords not showing up ???
No problem.. WELL not much of one. Carry on!
Re: passwords not showing up ???
strange decision to change this function.
So usability and ease of use with passwords will be affected.
So usability and ease of use with passwords will be affected.
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Pale moon 29.4.1
Re: passwords not showing up ???
It was a security and privacy decision. You can re-enable it as an informed choice.. Least, we hope people will be informed.
-
- Fanatic
- Posts: 108
- Joined: 2017-08-11, 22:11
Re: passwords not showing up ???
It seems to only work if there is a user name and password. But if there is just a password, it does not popup, or show up... like; http://imgsrc.ru/main/passchk.php?ad=18 ... 7374954&t= the password 12345 is in my list, but its not showing up, or popping up.
Re: passwords not showing up ???
I read the release notes. Still I totally missed the ramifications of the security changes. It's not easy to miss, when you are a mere user. So sometimes, it might be useful to point such a change out with a bit more emphasis
Re: passwords not showing up ???
I like PM but now that I have to type in all passwords it sucks big time. I wish I never upgraded. Is there a way to go back to before the update? Or make the passwords appear again?
Re: passwords not showing up ???
You decide.Is there a way to go back to before the update? Or make the passwords appear again?
Re: passwords not showing up ???
There's nothing strange about it -- it's actually been a point of note for quite some time (see e.g. bug #408531 from 2007).Moonraker wrote:strange decision to change this function.
So usability and ease of use with passwords will be affected.
Automatically filling in credentials is a risk, because it's triggered by named form fields. if an XSS attack injects properly-named form fields, automatically-filled-in credentials can then be read and stolen. While there's been no known breach like this on major sites recently, it has been abused for tracking; so it's both a security AND privacy concern. See also this demo.
Usability isn't affected, only the convenience of hands-free use of passwords.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: passwords not showing up ???
Thanks moonchild.
But i have noticed that double clicking the fields produces the username and password anyway so i do not see any security or privacy benefit.If we dont wish someone to see our passwords etc then they really should not be allowed access to the computer at all.
best wishes.
But i have noticed that double clicking the fields produces the username and password anyway so i do not see any security or privacy benefit.If we dont wish someone to see our passwords etc then they really should not be allowed access to the computer at all.
best wishes.
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Pale moon 29.4.1
Re: passwords not showing up ???
Yeah but with autofill off it is a user interaction on specific fields getting the info.. Of course js can still read it but what WILL NOT be in this case is a situation where there is a HIDDEN FORM being populated with creds without the user knowing about it on a page that has no visable form.
THIS is a good thing and an improvement in sec and privacy.
Unless, user flips the pref then that is a choice the user is making to sacrifice a bit of security and privacy for convenience.
THIS is a good thing and an improvement in sec and privacy.
Unless, user flips the pref then that is a choice the user is making to sacrifice a bit of security and privacy for convenience.
Last edited by New Tobin Paradigm on 2018-01-18, 17:14, edited 2 times in total.
Re: passwords not showing up ???
It requires user interaction on a visible form field, i.e.: conscious user action to have these credentials filled in... how does that not provide a security benefit over having the manager automatically form-fill credentials in any field (including hidden ones) without user interaction, the moment a page is loaded?...Moonraker wrote:But i have noticed that double clicking the fields produces the username and password anyway so i do not see any security or privacy benefit.
I'm not sure how I can explain this to you if you don't understand this basic difference. Please take a moment to think about the automatic-on-load versus user-must-fill scenarios and differences, and how third-party scripts could abuse it. I hope you get it; if not, maybe someone else can translate it into something more understandable than what I am able to.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: passwords not showing up ???
craigd.. I don't have a page like you show. I have 8.1.
Re: passwords not showing up ???
"user interaction!"Moonchild wrote:It requires user interaction on a visible form field, i.e.: conscious user action to have these credentials filled in... how does that not provide a security benefit over having the manager automatically form-fill credentials in any field (including hidden ones) without user interaction, the moment a page is loaded?...Moonraker wrote:But i have noticed that double clicking the fields produces the username and password anyway so i do not see any security or privacy benefit.
I'm not sure how I can explain this to you if you don't understand this basic difference. Please take a moment to think about the automatic-on-load versus user-must-fill scenarios and differences, and how third-party scripts could abuse it. I hope you get it; if not, maybe someone else can translate it into something more understandable than what I am able to.
this is the key term is it not.
what difference does it make if a click is required or the details are autofilled.?
user interaction is still required for both methods.simply hiding the credentials is not secure in my opinion.If an uninvited guest is perusing your computer then whether the credentials is hidden or not is irrelevant.What i feel you should of done is to disable the double clicking function and require a fresh input from user,
my thoughts fwiw.
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Pale moon 29.4.1
Re: passwords not showing up ???
You simply don't get it or you are being intentionally being thick. Either way that is all we have to offer. If you cannot or will not try to understand.. We cannot help you.
With that the relevant discourse has come to an end in this thread.
With that the relevant discourse has come to an end in this thread.
Re: passwords not showing up ???
no mr paradox,you do NOT get it.New Tobin Paradigm wrote:You simply don't get it or you are being intentionally being thick. Either way that is all we have to offer. If you cannot or will not try to understand.. We cannot help you.
With that the relevant discourse has come to an end in this thread.
heres a scenario for you,
my laptop gets stolen and they get to my desktop...well guess what all they need to do is open browser and double click sensitive fields and voila credentials are displayed and they are in.
comprende.?
nothing thick about it and if you cant see the error here then you are intentionally being evasive and plain pedantic.
i will not resort to insults as it will get nowhere.
i am talking about local access to uninvited people..do YOU not get it and this is why google will not implement it in chrome..
if you will not understand THIS then i for one cannot make the blind see..
cheers.
user of multiple puppy linuxes..upup,fossapup.scpup,xenialpup.....
Pale moon 29.4.1
Pale moon 29.4.1
Re: passwords not showing up ???
CraigPD wrote:You decide.
AutoFillLoginDetails.png
Thank youMoonchild wrote:There's nothing strange about it -- it's actually been a point of note for quite some time (see e.g. bug #408531 from 2007).
Automatically filling in credentials is a risk, because it's triggered by named form fields. if an XSS attack injects properly-named form fields, automatically-filled-in credentials can then be read and stolen. While there's been no known breach like this on major sites recently, it has been abused for tracking; so it's both a security AND privacy concern. See also this demo.
Usability isn't affected, only the convenience of hands-free use of passwords.