cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jack9999
Making moves
Status: New idea

It would be more secure if for banking websites the autofill could be turned off (individually selectable in the password manager).

The password could be copy pasted or also with a second device copied by using eyes from one to the other device.

there are banks with website that have the security flaw that once the device is registered, the account could be accessed by using autofill (if the device is left alone).

5 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Anonymous
Not applicable
jack9999
Making moves

Thanks for your addon suggestion. It seems that the addon does not work with the newest version of windows firefox. furthermore you can't define specific domains that should not allow autocomplete of logins and passwords and IMO you shouldn't trust too much in 3rd addons for pws.

in a password manager with kdbx this feature exists. you can just list those domains (with its subdomains) which should not be allowed to use passwords with auto fill.

the PRIMARY PASSWORD feature of firefox gives a false sense of security. It may work to block access to the passwords for not yet completed password entry for websites. But it does not work when someone already entered passwords for google drive and so on. you can just click somewhere on the website or cancel and you're in your cloud and the PRIMARY PASSWORD has brought nothing for security...

It would make more sense to use PRIMARY PASSWORD for a complete unlock of firefox (without the primary password the browser would not work at all). so, primary password still makes sense for not yet entered passwords but it gives a false sense of security. It must be noted that a complete "complete sign out" with delete data always takes quite a lot of time.

the ability to define domains of corresponding log ins and passwords (but these still could be accessed by manually copy paste or using eyes from the pw manager) that should be blocked for autofill makes a lot of sense for banking websites...

jack9999
Making moves

I do not trust much 3rd party password addins. also, it seems that it does not work with the latest firefox version.

the "primary password" doesn't really make that much sense, because otherwise you can access websites that are already logged in, such as Google (drive) etc., without the Password Manager. It gives a false sense of security: Even if the Password Manager is blocked, you can access websites that are already logged in without any problems (simply press cancel)
the "primary password" makes more sense if it completely blocks the browser or, conversely, completely unblocks it. conversely, it takes time until the browser is completely signed in again.

In any case, it makes sense to offer the option of blocking domains for the auto login of e.g. banks.

 

silvi0_napoli
New member

about autofill.( thing that i do not dislike at all) i  ve noticed that some postal bank account do not accept form already filled. so the "pay" gadget remain ghosted untill i do not fill by hand some form. any ideas? the site is www.poste.it