In France "recommendations" from the CNIL is not to be taken lightly, as the companies could be held responsible or even sued for not respecting these recommendations (if data leak or other GDPR issues where to happen). And it would be nice to be able to force or at least set a basic level for this kind of parameters.Īs Bastien stated there is a legal obligation in France for companies to force these standards upon the accounts (users/customers). I see a lot of companies allowing their employees to use the Firefox password manager/Lockwise. If this issue won't be fixed, is there a recommended workaround (such as a firefox plugin which can manage the passwords instead of firefox) ?Īs a Firefox/Lockwise user for quite a while now, I think that being able to edit the parameters for the password generator is a real need. Ideally, one should have on/off flags for common password options (special characters, alphanumerics, use special chars in middle etc) in the auto-generated password pop-up. I think this is a fairly common usecase which is getting ignored because the password edit data does not reflect how often this feature is needed. Most recently, I could not use the firefox generated password while creating an Amazon Lightsail account. On one occasion I edited the firefox generated password. On at least two occasions, I have had to open chrome to generate the password, save it on google account, copy that password and make firefox remember that password by loggin in to the website as a workaround. Typically if I can already see that the password being generated doesn't fulfill the requirements, I don't even click on the auto-generated password.
This data may not necessarily reflect reality.
Sites can already use minlength, maxlength and pattern attributes to tell password managers about the most common requirements but we don't honour them yet and that is off-topic for this bug. Looking further ahead, it would be nice if there was an HTML extension for sites to communicate their password requirements without user intervention. It's easier to add a character than to get the caret in the right spot to delete all of them if the site doesn't allow them. That's one reason we make the field unmasked upon focus, allowing easy additions of special characters. This feature needs to be much more flexible for it to be effective at combating password reuse. That's unfortunate… our data says something very different than your experience: only 3.5% of filled generated passwords get edited. Lack of Firefox support for these cases makes the password generator far less useful than it should be. Conversely, I've also run into sites that require all-numeric passcodes, or reject Firefox generated passwords as too long. My experience, since the password generator landed in the Firefox release channel, is that over half the sites I've tried require special characters in passwords. Use that phrase to create a secure password that you can customize for each website you visit.(In reply to ch-bugzilla from comment #4) Take a moment to think of a phrase that's meaningful to you. Sites like that deserve their own password selection phrase. While this technique lets us reuse the phrase-generated part of the password on a number of different websites, it would still be a bad idea to use it on a site like a bank account which contains high-value information. Reversing the order of the letters in the suffix, using only vowels, only consonants, or adding some other characters that come to mind when you think about the web site are all possible approaches that will improve security. This is just one possible rule for picking the prefix or suffix that you use to customize your password for each web site. To mix things up a bit more we'll use the same rule to decide whether to add the site mnemonic to the left side or the right side. Just to add a bit more randomness we'll alternate upper-case and lower case, and if the first character in the site name is a vowel we'll start with upper-case. Let's use the first letter and the next two consonants in the site name. We can use our new password on several different websites by adding a prefix or suffix with a mnemonic link to a particular site. #Hihas4ei: Step 3: Associate it with a website This is a reasonably strong password but we can improve it a bit by adding some special characters: If we use the first letter of each word, and substitute 4 for "for", we get: For example, let's use a quote from Ogden Nash: "Happiness is having a scratch for every itch." You can create a more secure password by starting with a simple phrase.
0 kommentar(er)
