Menu
So I just made a change password form for my rails app. It's just like any other very typical password change form.
So after a few times testing it out I started seeing a popup box saying
"Please confirm which user you are changing the password for"
Now this really freaked me out a bit since I know I did not write any code to do such things and I definitely do not want users to change other users' passwords.
I soon found out it was firefox's password manager. So now I'm calmed down about it, but still, I don't want this to happen to other people using my site.
How does firefox know it's changing a password anyways? Maybe it's the names of my password fields or maybe even my forms action url (/account/change_password)? Is there a way to make it not do this? Has anyone else had experience with this?
539
Many think the confirm password field is necessary to include when creating a password. This is because a password field masks the user's input. If users mistype their password, they won't recognize it. The confirm password catches typos by prompting users to type their password twice.
Whenever a user creates a password, there is always one more field of confirm password. It checks that the password entered by the user is same as this confirm password fields.
When users of your site log in for the first time, Firefox will ask the user whether they want to save the password or not. If they say yes, the password is saved.
Now, if the user changes their password on your site, Firefox will not know about it immediately. But when the user logs in with the new password, Firefox will recognize that the password you entered is not what it has on file. So it asks if you want to save that password.
Say the user has two accounts on your site now and they change the password to one of them. When they go to log in with that user and Firefox tries to update its records, it may ask "which user are you changing the password for?"
This is client-side functionality and isn't something you can really change. The user has chosen a browser that keeps track of their accounts and it's not something you can prevent.
69
When I had the same problem (on a change password form, never the login form) the only way I could avoid this popup was to disable autocompletion on the password change form:
<form autocomplete="off" onsubmit="..." ...>
This is documented in the Mozilla Developer Network but does unfortunately mean that your HTML won't validate, as discussed in this Stack Overflow question. A small price to pay to fix something that most users will assume is a bug with your website.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
