question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Option to only fill the password field?

See original GitHub issue

General information

  • Operating system + version: Debian Sid
  • Browser + version: Vivaldi 3.8.2259.42 (Stable channel) (64-bit)
  • Information about the host app:
    • How did you install it? Installed via Debian package manager (webext-browserpass 3.7.2-1+b1) and ran make hosts-vivaldi-user as per instructions
  • Information about the browser extension:
    • How did you install it? Installed via Debian package manager (webext-browserpass 3.7.2-1+b1)
    • Browserpass extension version as reported by your browser: 3.7.2

Exact steps to reproduce the problem

  1. Fill in username

  2. Click the BrowserPass extension button

  3. BrowserPass starts filling out login details

What should happen?

If the password file doesn’t contain anything but a single continuous line it’s probably just a password (as generated by pass generate [filename]). There should be an option to respect this behavior. I append _username to the files that actually contain a username (and _seccuritytoken for security tokens, etc.), and most usernames I simply share across multiple sites where I don’t mind connecting the identities (like Steam and GOG). Alternatively don’t fill the username field if it isn’t empty (might cause conflicts with sites that populate the field with “username” until clicked?).

What happened instead?

Depending on the currently set options, the username will either be filled with the filename or the default username. There is no option to only fill in the password field and leave the username field as-is.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:13 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
eraydcommented, May 18, 2021

There is no option to only fill in the password field and leave the username field as-is.

Browserpass does allow you to set an empty username in whatever file you don’t want a username entered for (see #232). This achieves exactly what you mention above - i.e. it will fill the password, and leave the username field untouched.

0reactions
eraydcommented, Jul 11, 2021

…using pass as the backing password store is an uncommon scenario to begin with

This is why Browserpass exists. To bring a common browser workflow (logging into things with a secure credential store) to a non-browser credential store (gpg files on disk).

I also disagree on that not filling usernames removes much of the utility of a web browser password manager. What you’re describing is a web browser identity manager.

You are arguing semantics, poorly. The primary function for most browser-integrated products categorised as “password manager”, is using saved credentials to log into things. This includes usernames. Whatever you wish to call it, this is very much what Browserpass is intended to do, and what most of our users use it for.

But adding a small checkbox called “Fill username” (checked by default) shouldn’t add much clutter either.

It does, actually - another option is enough to overflow the options viewport on some platforms.

…how common of a use case is it to have the username as the file name?

Extremely common. path/to/example.com/username (with the password on a single line within that file) is the organisation style where that approach is typically used.

Because to me that sounds like encouraging shared passwords across sites, which is a very bad thing security-wise.

No idea where you got this one from, but it’s incorrect. How people choose to organise the layout of their password store has nothing to do with encouraging or discouraging the reuse of credentials.

I suggest you also take a look at our anti-phishing features; while preventing reuse isn’t the primary point of them, it is a handy side effect.


Ultimately, I’m still not seeing a strong argument in favour of adding this option. As it stands currently, there is nothing about Browserpass which prevents a “fill password, then type username” style workflow (which appears to be what you want to do), and there are already existing mechanisms for extracting the first line of a multi-line file.

I am going to close this issue now, as it feels like we aren’t making any progress here towards establishing a good case for it. However, if you do have a strong, compelling argument in favour of adding this feature, please feel free to post it below.

Read more comments on GitHub >

github_iconTop Results From Across the Web

<input type="password"> - HTML: HyperText Markup Language
<input> elements of type password provide a way for the user to securely enter a password. The element is presented as a one-line...
Read more >
Enabling Password AutoFill on an HTML input element
If you have a multipage login form, explicitly setting the username and current-password types lets the user tap and fill those inputs, even...
Read more >
Google chrome autofilling all password inputs - Stack Overflow
It fills in my data in weird spots. The issue seems to be that Chrome auto fills any input with a type of...
Read more >
How to Use Password Fields (The Java™ Tutorials > Creating ...
Like an ordinary text field, a password field fires an action event when the user indicates that text entry is complete, for example...
Read more >
Auto-fill should not fill in password fields marked as `new ...
Auto-fill fills in password fields marked as new-password with an existing account's password (eg, <input type="password" ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found