Option to only fill the password field?
See original GitHub issueGeneral information
- Operating system + version: Debian Sid
- Browser + version: Vivaldi 3.8.2259.42 (Stable channel) (64-bit)
- Information about the host app:
- How did you install it?
Installed via Debian package manager (webext-browserpass 3.7.2-1+b1) and ran
make hosts-vivaldi-user
as per instructions
- How did you install it?
Installed via Debian package manager (webext-browserpass 3.7.2-1+b1) and ran
- Information about the browser extension:
- How did you install it? Installed via Debian package manager (webext-browserpass 3.7.2-1+b1)
- Browserpass extension version as reported by your browser: 3.7.2
Exact steps to reproduce the problem
-
Fill in username
-
Click the BrowserPass extension button
-
BrowserPass starts filling out login details
What should happen?
If the password file doesn’t contain anything but a single continuous line it’s probably just a password (as generated by pass generate [filename]
). There should be an option to respect this behavior. I append _username
to the files that actually contain a username (and _seccuritytoken
for security tokens, etc.), and most usernames I simply share across multiple sites where I don’t mind connecting the identities (like Steam and GOG). Alternatively don’t fill the username field if it isn’t empty (might cause conflicts with sites that populate the field with “username” until clicked?).
What happened instead?
Depending on the currently set options, the username will either be filled with the filename or the default username. There is no option to only fill in the password field and leave the username field as-is.
Issue Analytics
- State:
- Created 2 years ago
- Comments:13 (2 by maintainers)
Top GitHub Comments
Browserpass does allow you to set an empty username in whatever file you don’t want a username entered for (see #232). This achieves exactly what you mention above - i.e. it will fill the password, and leave the username field untouched.
This is why Browserpass exists. To bring a common browser workflow (logging into things with a secure credential store) to a non-browser credential store (gpg files on disk).
You are arguing semantics, poorly. The primary function for most browser-integrated products categorised as “password manager”, is using saved credentials to log into things. This includes usernames. Whatever you wish to call it, this is very much what Browserpass is intended to do, and what most of our users use it for.
It does, actually - another option is enough to overflow the options viewport on some platforms.
Extremely common.
path/to/example.com/username
(with the password on a single line within that file) is the organisation style where that approach is typically used.No idea where you got this one from, but it’s incorrect. How people choose to organise the layout of their password store has nothing to do with encouraging or discouraging the reuse of credentials.
I suggest you also take a look at our anti-phishing features; while preventing reuse isn’t the primary point of them, it is a handy side effect.
Ultimately, I’m still not seeing a strong argument in favour of adding this option. As it stands currently, there is nothing about Browserpass which prevents a “fill password, then type username” style workflow (which appears to be what you want to do), and there are already existing mechanisms for extracting the first line of a multi-line file.
I am going to close this issue now, as it feels like we aren’t making any progress here towards establishing a good case for it. However, if you do have a strong, compelling argument in favour of adding this feature, please feel free to post it below.