browserpass / browserpass-legacy

Legacy Browserpass repo, development is now happening at:

Home Page: https://github.com/browserpass/browserpass-extension


Refining filter mode

wallace11 opened this issue · comments

General information

  • Operating system + version: Arch Linux
  • Browser + version: Chrome 70
  • Information about the host app:
    • How did you install it? AUR
    • If installed an official release, put a version: 2.0.21
  • Information about the browser extension:
    • How did you install it?
      • Installed via webstore
    • Browserpass extension version as reported by your browser: 2.0.22

Exact steps to reproduce the problem

  1. Name your password "kde bugs.gpg"
  2. Go to https://bugs.kde.org
  3. No matching passwords found for bugs.kde.org.

What should happen?

Unless the file name explicitly says bugs.kde.org, the extension wouldn't recognize it outside of search mode.
Filter mode should be quick and easy, but it requires naming all the passwords as the exact domain they're for, which sounds to me a little bit too much.
I think it should at least detect "KDE Bugtracker", "KDE", "KDE Bugs" etc...

If it wasn't clear, I was using KDE Bugtracker as an example. This happens with all websites.

Hi there, this is by design: one of the primary focuses of browserpass is to protect you against phishing attacks. That's why the entries that you see in filter mode are only those that explicitly match the current domain.

If a malicious person makes you open "https://bugs.kde.com", you don't want browserpass to show you the entry "kde bugs".

If you create an entry "kde.org.gpg", it will show up on "kde.org" and "bugs.kde.org"; if you create an entry "bugs.kde.org.gpg", it will show up on "bugs.kde.org" but not "kde.org".

If you press Backspace and switch back to the search mode, in the eyes of browserpass you officially waive your protection against phishing attacks and you are on your own; browserpass will happily show you all possible entries you have in your password store.

Just a heads up, the next major version of browserpass will remember which passwords you used on which domains and show them next time in the popup.

So if you have a password entry called KDE Bugs.gpg and you navigate to bugs.kde.org, at first, just like today, browserpass will not show KDE Bugs among the list of passwords (to protect you from phishing attacks). However, if you specifically search for KDE Bugs and use it to log in, next time you open bugs.kde.org the entry KDE Bugs will be present in the popup.
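
The filter-mode rule described in the replies above (an entry named after a domain is offered on that domain and its subdomains, never on a lookalike host) can be sketched as follows. This is an added Go example, not browserpass's own code; the function names, the sample store, and the rules that only the file's base name counts and that a name must contain a dot are assumptions.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// entryDomain derives the domain an entry claims from its file name,
// e.g. "web/bugs.kde.org.gpg" -> "bugs.kde.org".
// Assumption: only the base name is considered, not parent directories.
func entryDomain(entry string) string {
	name := strings.TrimSuffix(path.Base(entry), ".gpg")
	return strings.ToLower(strings.TrimSpace(name))
}

// matchesHost reports whether entry may be offered for host: the entry's
// domain must equal the host or be a parent of it on a label boundary.
func matchesHost(entry, host string) bool {
	d := entryDomain(entry)
	h := strings.ToLower(strings.TrimSuffix(host, "."))
	// Assumption: free-text names ("kde bugs") and bare labels ("org")
	// are never treated as domains.
	if !strings.Contains(d, ".") || strings.ContainsAny(d, " \t") {
		return false
	}
	// The leading "." stops "kde.org" from matching "notkde.org".
	return h == d || strings.HasSuffix(h, "."+d)
}

// filterEntries returns the entries that would be listed for host.
func filterEntries(entries []string, host string) []string {
	var out []string
	for _, e := range entries {
		if matchesHost(e, host) {
			out = append(out, e)
		}
	}
	return out
}

func main() {
	// Constructed sample store, using the names from this thread.
	store := []string{"kde bugs.gpg", "kde.org.gpg", "bugs.kde.org.gpg"}
	hosts := []string{"kde.org", "bugs.kde.org", "bugs.kde.com", "notkde.org"}
	for _, host := range hosts {
		fmt.Printf("%-13s -> %q\n", host, filterEntries(store, host))
	}
}
```

The sketch does not consult the Public Suffix List, so an entry named after a shared suffix such as "co.uk" would match every host under it.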