Firefox doesn't remember username, but remembers password - html

I use few websites on which i would like to remember username and password.
Login mechanism is divided on two steps, in first user gives username and in next step password. Firefox remembers both of them but in next login try, username is not filled so I must fill it manually. It doesn't propose any values even if I start typing. Its not my website so I can't modify code to the working state. There is possibility that owner made it as intended but I don't care. I want to have autofill both fields, not only password field. It's my credentials, not owner of website. I have found some javascript code running as a bookmark
javascript:(function(){var fm=document.getElementsByTagName('form');for(i=0;i<fm.length;i++){fm[i].setAttribute('autocomplete','on');}})()
and it even worked for some time on one of these problematic websites (autofill proposed me a value after typed first letter) but now it doesn't work any longer.
The problematic website i want to have fully working autofill is
h**ps://www.orange.pl/twojekonto/zaloguj
Is there anything I can do to force it? Maybe other javascript inject by bookmark? I am using Firefox 91.0.2.

Related

prefill username input field on roundcube website

I want to achieve this: when I open specific url (there is roundcube login page) in Chrome on desktop, I want to have username prefilled (or at least when I start typing "h" it should show me ability to use username hello#something.dom - this way I have it on Android in chrome).
Any idea how to do this please and set it up in chrome on desktop? (I do not want to save username and password in Password settings in Chrome, I just need to get ability to choose from previously used or stored prefill value, so I do not need to type it again and again many times per day)
Thank you!
This was actually done in 2010 as part of GitHub issue 3044.
You can append the GET parameters _user or _host to prefill these fields. It's not implemented for the password field for obvious reasons.
https://mail.mycompany.example/?_user=hello%40something.dom

What (and when) triggers chrome to ask the user to save the login credentials

I am working on a website and I noticed chrome has a weird behavior. When I save form values, chrome asks if I want to save the the username and password. The weird thing is that that form isn't a login form, that form doesn't even have a field named username or password. So what qualifications does chrome exactly look for a form that makes it think that it is a login form? Or when is it triggered?
1) does it need to have a username and password field?
2) is it looking for a specific keyword?
3) or is this a known bug for chrome?

Firefox save password, based on page or based on field names

I tried to search the answer but can't get anything related to this.
Here is my problem, on create account page of the site, firefox can ask the user to save the password. If user click on save. In firefox settings -> saved passwords, I can see a record with the right username.
Then I go to the sign page of the same site, it won't populate any saved password. If I enter the same username and password as before and click on sign in. This time we can save the password again. After this in firefox settings -> saved passwords, now I can see 2 records with the same user name.
And this time if I go to the sign in page again, the saved username and password will populate correctly.
My question is, for these 2 records in saved passwords(they look exactly the same, shows same site url with the same username). Firefox will find the right username and password in saved passwords based on the page? Or based on the field name on the page? If someone knows, please tell me a little more, thank you very much.
Often the initial signup fields will have different names than the login fields. This causes the browser to not recognize that they are the same fields. When you save the first time it saves the signup credentials connected to the signup form, when you save the second time it saves the login credentials connected to the login form. Hope that makes sense.

Different autofill in system in subsite

I am writing a web system on a certain domain with a log-in dialog.
The system lies on an address
http://www.example.com/systemB/
However, there is a different system at address
http://www.example.com/systemA/
that uses a different log-in dialog, with different credentials. (Users who use systemB often use systemA too.)
Most browsers, however, automatically take the credentials from http://www.example.com/systemA/ and auto-fill them in the http://www.example.com/systemB/.
Can I write the website in such a way, that the dialog won't be autofilled from the systemA automatically, but the auto-fill will still be allowed? (For example, write some "auto-fill domain".)
I know I can ues autocomplete="off", but I don't want to turn it off outright.
You can try set empty value to the fields from systemA (value=""). When the user open it, the fields are empty but if he click on them, there will be autofill recommendations.

Is it necessary to double-check a user's password on registration?

Edit - migrated to ui Stack Exchange (please close this question)
Do you find it necessary/worthwhile to make a user repeat his password in a registration form, assuming that form includes an email address?
Pros: I imagine there are quite a few cases where users mistype their password in the registration form.
Cons: If you require a valid email anyway, he can always retrieve/reset his password via email - and for the users that do get the password right in the first try, this is yet-another-field-in-the-registration-form (which I prefer be as simple as possible)
I would say using the password reset functionality in place of double-entry is not horrible, but it would require a decent UI on the login page to ensure the "forgot your password" link is clear -- such as having it appear much bigger upon invalid password entry.
I'd personally go a different way: ask for the password after a 'verify your email address' message.
One thing to consider is you also need a valid email address -- so if they mis-enter their email, and also their password, their account is effectively locked. Many sites require clicking a link (and/or entering a code) upon account creation, in order to verify email address, before making the account active. If you're doing this, then there is an annoying UX thing to avoid: it's not always clear why my account doesn't work.
I've seen this personally where I enter a password during registration, but then it tells me "invalid password" when I try to login, rather than "your account is not yet activated". Minor, but an annoyance.
One way to get around this is to not ask for a password until they've clicked the link in the email, then you prompt to create a new password. You can use double-entry here, since it's the only thing on the form, and it's a pretty simple way to avoid an easy user mis-entry. Users are also quite used to this model, practically every password entry system works like this.
It also handles an additional use case, where the user themselves is not the one creating the account (not sure if this applies to you or not). Someone can create the account on the user's behalf, but then the user is still choosing their own password after clicking on the 'verify' link they get via email.
I do think that it is worthwhile - as an additional validation just to ensure that users havent mistyped the password (especially coz we cannot see the password being typed in most cases). I think it provides a sense of validation to the user as well that he is in fact sure of his password before he submits the form.
However, this is valid only in case of forms which do not allow you to copy / paste from one field to the other (I have used sites where their forms allow me to copy paste which inherently makes having the 2nd field completely useless)
Personally, however, i find it extremely irritating when a form makes me re-type my password. But i still do think that its a useful validation to have.