Refining filter mode
wallace11 opened this issue · comments
General information
- Operating system + version: Arch Linux
- Browser + version: Chrome 70
- Information about the host app:
- How did you install it? AUR
- If installed an official release, put a version: 2.0.21
- Information about the browser extension:
- How did you install it?
- Installed via webstore
- Browserpass extension version as reported by your browser: 2.0.22
- How did you install it?
Exact steps to reproduce the problem
- Name your password "kde bugs.gpg"
- Go to https://bugs.kde.org
- No matching passwords found for bugs.kde.org.
What should happen?
Unless the file name explicitly say bugs.kde.org the extension wouldn't recognize it outside of search mode.
Filter mode should be quick and easy but it requires to name all the password as the exact domain they're for which sound to me a little bit too much.
I think it should at least detect "KDE Bugtracker", "KDE", "KDE Bugs" etc...
If it wasn't clear, I was using KDE Bugtracker as an example. This happens with all websites.
Hi there, this is by design, one of primary focuses for browserpass is to protect you against phishing attacks. That's why, the entries that you see in filter mode are only those that explicitly match the current domain.
If a malicious person makes you open "https://bugs.kde.com", you don't want browserpass to show you the entry "kde bugs".
If you create an entry "kde.org.gpg", it will show up on "kde.org" and "bugs.kde.org", if you create an entry "bugs.kde.org.gpg" it will show up on "bugs.kde.org" but not "kde.org".
If you press Backspace and switch back to the search mode, in the eyes of browserpass you officially wave your protection against phishing attacks and you are on your own, browserpass will happily show you all possible entries you have in your password store.
Just a heads up, the next major version of browserpass will remember which passwords you used on which domains and show them next time in the popup.
So if you have a password entry called KDE Bugs.gpg
and you navigate to bugs.kde.org
, at first just like today browserpass will not show KDE Bugs
among the list of passwords (to protect you from phishing attacks), however if you specifically search for KDE Bugs
and use it to login, next time you open bugs.kde.org
the entry KDE Bugs
will be present in the popup.