I'm a new user of Secure Login, which I discovered through Autofill Forms (which I'm still experimenting with).

I've never used Opera, but being used to the way other browsers handle login behavior, I'm enjoying the ability to have this extra measure of control. Nice work!



Feature Requests:

• Instead of popping up a selector box for multiple logins, would it be possible to put the login selector in a submenu of the button? This would eliminate the need to click the button, then mouse over to the selection box, select the login and click again. I don't have an astronomically huge monitor, but having to mouse halfway across the screen to get to the selector box gets a bit tedious.


• Would it be possible to add an Secure Login element to the context menu that behaves the same as hitting the toolbar button? That way, logins could be handled from anywhere on the browser window without having to mouse from wherever you are to a toolbar.


• There seems to be a lot of resistence to giving SL the ability to save login forms that use autocomplete="off", and I totally get the argument for not doing so. However, using a bookmarklet is something of a hassle since you never know what sites kill your ability to save passwords until after you've gone through the login process, which means that you have to log out, then log back in and hit the bookmarklet.

Would it be possible for SL to somehow indicate visually that the page has specified that this login will not be saved? This would give users a heads-up to use the bookmarklet. Since SL already has an option for highlighting login forms, could there be another color for "non-saving" forms?



Suggestion:

• The help file could do with page titles that include the extension name. That way, if the help file is open in a tab, it can be picked out easily.


Keep up the good work!

akahige wrote:

Instead of popping up a selector box for multiple logins, would it be possible to put the login selector in a submenu of the button?

Yes, that would be possible and I think I'll implement it for the next version.

akahige wrote:

Would it be possible to add an Secure Login element to the context menu that behaves the same as hitting the toolbar button? That way, logins could be handled from anywhere on the browser window without having to mouse from wherever you are to a toolbar.

Yes that would be possible - but I'm not inclined to implement it. In my opinion the context menu is already cluttered up too much, especially if you use a lot of add-ons. The context menu item could be hidden if there is no login data available for the current page, but that would mean checking the available logins every time the context menu is shown.
If you do prefer using your mouse over using keyboard shortcuts you might want to have a look at one of the mouse gestures extensions - you can easily assign a mouse gesture to log you in with Secure Login. The code you need to provide for the mouse gesture to invoke the login action of Secure Login is the following:

Code:

secureLogin.login();

akahige wrote:

Would it be possible for SL to somehow indicate visually that the page has specified that this login will not be saved? This would give users a heads-up to use the bookmarklet. Since SL already has an option for highlighting login forms, could there be another color for "non-saving" forms?

Secure Login does not handle saving passwords - that is done by Firefox integrated password manager. Secure Login is just an easy-to-use and secure tool to login with the available login data saved with Firefox password manager.
I agree that forms with autocomplete disabled can be a hassle, especially if you want to save the login data for this form nonetheless. Anyway, this is something you should suggest to the developers of Firefox password/login manager.

akahige wrote:

The help file could do with page titles that include the extension name. That way, if the help file is open in a tab, it can be picked out easily.

Thanks for the suggestion. Originally, the help files were only displayed using Firefox integrated help system. For Firefox 3.0b5 and later the Firefox developers decided to remove the integrated help system in favor of support.mozilla.com.
As a workaround the integrated help for Secure Login is now displayed inside a browser tab (on Firefox 2 it's still using the integrated help system).
The help of both Secure Login and Autofill Forms needs to be extended and improved in quality anyway. I think I'll move the help and documentation to an online wiki and link to that instead of using the integrated help.

akahige wrote:

Keep up the good work!

Thanks, I'll do my best.

madblueimp wrote:

akahige wrote: Instead of popping up a selector box for multiple logins, would it be possible to put the login selector in a submenu of the button? Yes, that would be possible and I think I'll implement it for the next version.

Cool! Glad you liked the idea.

madblueimp wrote:

akahige wrote: Would it be possible to add a Secure Login element to the context menu that behaves the same as hitting the toolbar button? That way, logins could be handled from anywhere on the browser window without having to mouse from wherever you are to a toolbar. Yes that would be possible - but I'm not inclined to implement it. In my opinion the context menu is already cluttered up too much, especially if you use a lot of add-ons.

I can't disagree with the clutter problem. I have a huge block of userchrome code devoted to knocking things out of the context menu.

madblueimp wrote:

The context menu item could be hidden if there is no login data available for the current page, but that would mean checking the available logins every time the context menu is shown.

Might this work?
1) If the toolbar icon is inactive, the context menu item is hidden.
2) If the toolbar icon is active, the context menu item is present.
3) Offer an option to remove the context menu item if the user doesn't want more clutter.

madblueimp wrote:

If you do prefer using your mouse over using keyboard shortcuts you might want to have a look at one of the mouse gestures extensions - you can easily assign a mouse gesture to log you in with Secure Login.

I've never really got into using mouse gestures. My thought about having control in the context menu stems from the fact that I (and assumably most people) use the mouse (and, by extension, its context menu) to navigate around a page. We go forward and back in the history, click links, hover things, and if nothing else, we use the scroll wheel to move the page around. All of those actions mean that the mouse cursor is somewhere in the body of the page (in my case somewhere around the center), and not necessarily anywhere near the tool- or status bars. Depending on monitor resolution, it can take a good deal of mouse stroking to get from one edge of the screen -- or browser window -- to the other, so access from the context menu could be a great convenience.

madblueimp wrote:

akahige wrote: Would it be possible for SL to somehow indicate visually that the page has specified that this login will not be saved? This would give users a heads-up to use the bookmarklet. Since SL already has an option for highlighting login forms, could there be another color for "non-saving" forms? Secure Login does not handle saving passwords - that is done by Firefox integrated password manager. Secure Login is just an easy-to-use and secure tool to login with the available login data saved with Firefox password manager. I agree that forms with autocomplete disabled can be a hassle, especially if you want to save the login data for this form nonetheless. Anyway, this is something you should suggest to the developers of Firefox password/login manager.

I'm not sure how my question pertains to the saving of passwords.

What I was trying to ask -- badly, it seems -- is since SL is parsing the page for login forms and injecting a wrapper class to highlight those forms, if it would be possible to also scan for the presence of autocomplete="off" and, if present, highlight the form in a different color?

Regarding the context menu item:
Checking the available logins is not the problem - it will only be checked once for every page loaded or tab changed - no matter how many menu items, toolbar buttons or status bar icons have to be updated. I was just pointing out that it does need additional code before the context menu is shown if the menu item should be updated according to the available logins.
Well, I might just as well add this feature - maybe disabled by default and with the possibility to enable it on the settings page.
Maybe I even add the same possibility to Autofill Forms.

Regarding the saving of passwords:

akahige wrote:

What I was trying to ask -- badly, it seems -- is since SL is parsing the page for login forms and injecting a wrapper class to highlight those forms, if it would be possible to also scan for the presence of autocomplete="off" and, if present, highlight the form in a different color?

Secure Login does not necessarily parse the page to detect a login possibility. The first check is done by querying Firefox password manager for available logins which match the current website domain. Only if valid logins are returned does Secure Login parse the page for available login forms. I even recommend to turn off Secure Login's feature to automatically highlight login fields. Although it is implemented as resource friendly as possible - turned off Secure Login won't be active at all while browsing while you will still be able to use its login feature.

A feature to highlight all forms which prevent password saving or which just removes the autocomplete="off" attribute from all forms would either have to

• parse every web form on every web page, which is definitely not resource friendly or
  
• override the behavior of Firefox password manager to always save passwords ignoring the autocomplete attribute.

I'm not sure how to implement the latter. In Firefox 3 the private method _isAutocompleteDisabled of the LoginManager class would have to be modified to return always false. You can have a look at the source code here.

It would be much easier if Firefox would just support something like wallet.crypto.autocompleteoverride which is used in Seamonkey to allow ignoring the attribute autocomplete="off".
The discussion about adding support for this in Firefox is quite old - here is the related entry in bugzilla.
Unfortunately the status of this bug is set as "VERIFIED WONTFIX" - but maybe they will open it up again if more users join the call.

Thanks for taking the time to explain some of the technical considerations. In reading over the bug -- and doing some Googling -- I get the impression that it would take a considerable amount of arguing to overcome the argument about blacklisting the browser.

With any luck, though, Eric Hamiter will update Always Remember Password to work on FF3. (I tried forcing the installation, based on some older forum comments that implied that it worked, but it was a no-go for me.)

The Always Remember Password add-on just runs the same code from the remember password bookmarklet on every page load.
The code is not Firefox 2 specific so it should work on Firefox 3, though I do not recommend installing the add-on but would rather use the remember password bookmarklet when it is needed.


Always remember password hack for Firefox 3
If you're on Firefox 3 you can just edit your Firefox installation to get the "Always remember password feature" without having to run some JavaScript code on every page load:

• Shutdown Firefox
  
• Backup the file PATH_TO_YOUR_FIREFOX_INSTALLATION/components/nsLoginManager.js.
  
• Edit PATH_TO_YOUR_FIREFOX_INSTALLATION/components/nsLoginManager.js with your favorite text editor and find the following lines:
  

  Code:

  if (element && element.hasAttribute("autocomplete") &&                 element.getAttribute("autocomplete").toLowerCase() == "off")                 return true;

  
  On the GNU/Linux version of Firefox 3 Beta 5 this code is inside the private method _isAutocompleteDisabled, on the Windows version of Firefox 3 Beta 5 this code can be found inside the local helper function autocompleteDisabled which is part of the private method _onFormSubmit.
  To let Firefox password manager always remember passwords those "autocompleteDisabled"-methods have to always return the value false.
  All you have to do to achieve this is remove the lines above or comment them out like this:
  

  Code:

  //            if (element && element.hasAttribute("autocomplete") && //                element.getAttribute("autocomplete").toLowerCase() == "off") //                return true;

  
  
• Save your changes and close the editor.
  
• Restart Firefox - Firefox password manager should now always remember passwords ignoring the autocomplete="off" attribute.
  

I have been using SL for quite sometime, but I can't get any of the 0.9.1.x versions to work. When I go to a site where I have a password stored, nothing happens -- i.e. SL does not recognise the login objects. If I revert to 0.9.0.6 and revisit the same site, everything works as expected. This does not appear to be site specific -- it happens with all of the sites in my password list.

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/2008040413 Firefox/2.0.0.14
Enabled Extensions: [36]
Adblock Plus 0.7.5.4; Bookmarks Menu Button 0.4.3.4; Copy URL + 1.3.3; Digger 2.0; Download Manager Tweak 0.7.2; DownThemAll! 1.0.1; Extended Link Properties 1.2.3; Find Toolbar Tweaks 1.2.1; Firebug 1.05; Fission 0.9.7; Flashblock 1.5.5; ForecastFox 0.7.1; IE View 1.3.7; Locate in Bookmark Folders 0.2.5; Long Titles 1.3; MapFox 0.2.3; MR Tech Local Install 5.3.2.6; Nuke Anything Enhanced 0.68.1; OpenBook 1.3.4.1; PrefBar 3.4.1; Sage 1.3.10; Save Link in Folder 1.4.1; ScrapBook 1.3.3.3; Secure Login 0.9.0.6; Stop Autoplay 0.7.3; Tab Mix Plus 0.3.6; TargetAlert 0.8.9.8; Text Link 2.0.2008050601; Tiny Menu 1.4.8; Toolbar Enhancements 0.16.2; Unified Back-/Forward Button 0.6; Who's Ya Daddy 0.1.0.00

Please try installing and using the latest version of Secure Login in a fresh Firefox profile as a test.

akahige wrote:

Instead of popping up a selector box for multiple logins, would it be possible to put the login selector in a submenu of the button? This would eliminate the need to click the button, then mouse over to the selection box, select the login and click again. I don't have an astronomically huge monitor, but having to mouse halfway across the screen to get to the selector box gets a bit tedious.

Eeek! I'd better jump in here and ask (pretty, pretty please) that this be implemented as a user selectable option (or by a choice of toolbar buttons, one working the old way and one the new way).

I bought a copy of Roboform years ago but recently I've found myself using it less and less and using Securelogin/Autofill more and more. The reason is exactly because Roboform handles multiple logins more like akahige is suggesting and I, for some reason, seem to much prefer the existing mechanism where a pop-up selector box appears.

I'm not sure why I like the existing method because I can certainly see the logic behind akahige's suggestion and do think that a lot of people would like it (the more efficient use of mouse movement is a definite plus), and I might end up preferring it too but, in case I don't, I'm really scared of losing the existing behaviour which is what is luring me away from Roboform right now.

Two things do kill Roboform's implementation, at least for me, but I think akahige's suggestion has already avoided these traps. The bad things Roboform does are:

1) It does display a sub-menu (sort of, see point 2 below) but it needs the user to hover the mouse over the toolbar button rather than click it and hovering is inherently slower than a click. (The reason Roboform does this by the way is because a click on the button will use the default login that can be set up for sites that have multiple logins but for me the issue with hovering far outweighs the marginal benefit of a click executing the default login.) If there is only one login for a site then a click always does the login of course.

2) The drop-down that appears in Roboform after the hover isn't really a submenu, it is a mini dialog box that requires the user to select the login to be used (via a radio button) and then click another button at the bottom of the dialog box to actually execute the action. Very inefficient.

I really like the idea that seems to be emerging of context menu access to autofill functionality. I know that akahige's suggestion was originally for SecureLogin functionality via the context menu but the idea of getting to Autofill for specific fields is really exciting (Sxipper has this by the way which I tried for a while but just preferred SecureLogin/AutoFill).

- Julian

While we're talking about toolbar buttons I'll add a new pretty small suggestion of my own which I've had in my mind for ages.

I really like the way SecureLogin can be set up to cooperate with AutoFill but I think there's one thing that would make it just a little bit better. I have "Autofill Forms Integration" set in the SecureLogin options so to access all functionality I usually just press the SecureLogin toolbar button. Unfortunately though, I do also feel that I need to keep the Autofill toolbar button (the one with the dropdown menu) on my toolbar because it gives me convenient access to Settings, Help and profile switching.

I would love to be able to optimise SecureLogin/Autofill's use of my toolbar space by having a "super toolbar button" for use by people that are using both extensions, basically a version of the existing SecureLogin button that also has a dropdown menu that provides access through to the important Autofill stuff, that way I can access everything I need via a single toolbar button.

The above seems like a bit of a no-brainer to me but what do you (Sebastian) and others think?

- Julian

JulianL wrote:

Eeek! I'd better jump in here and ask (pretty, pretty please) that this be implemented as a user selectable option (or by a choice of toolbar buttons, one working the old way and one the new way).

I'm not yet sure how to implement it. But you can be assured that the implementation will be a definitive improvement over the selector box popup or I won't implement it at all.
If it is possible it will be a popup menu similar to the context menu of the Secure Login icon. And it will only appear if there is more than one user for a login available.
Like before the selection will popup immediately after you click on the icon - no need to wait.
The login will be performend immeadiately after you select one of the usernames - no need to click on another button.
The current selector box will still be available for keyboard shortcut logins.

JulianL wrote:

I really like the idea that seems to be emerging of context menu access to autofill functionality. I know that akahige's suggestion was originally for SecureLogin functionality via the context menu but the idea of getting to Autofill for specific fields is really exciting (Sxipper has this by the way which I tried for a while but just preferred SecureLogin/AutoFill)

The context menu functionality for Autofill Forms to fill out specific forms fields manually is already there - it's been implemented for version 0.9.3.
Just try it out via the context menu of any form field.
What I will add for both Secure Login and Autofill Forms is the possibility to call the login/autofill action from the context menu - the same command that is invoked by click on the toolbar button.

JulianL wrote:

I would love to be able to optimise SecureLogin/Autofill's use of my toolbar space by having a "super toolbar button" for use by people that are using both extensions, basically a version of the existing SecureLogin button that also has a dropdown menu that provides access through to the important Autofill stuff, that way I can access everything I need via a single toolbar button.

The Secure Login icons on the toolbar and status bar have a context menu. I will append the Autofill Forms menu to this menu if Autofill Forms is installed and the option to integrate it with Secure Login is enabled.

Wow, great extension, and lots of discussion about it.

I only have one problem. Don't know whether it is an extension issue or Mozilla issue.

Yahoo is blocking FF2 and FF3 from saving passwords. The Opera wand works fine in Opera 9.27 and 9.5B2 on both the classic site and beta site. It's one of the main reasons I use Opera a lot. I have multiple Yahoo! accounts because of AT&T dsl. I look at kids accounts, my account, master dsl account, wife's account, etc., etc.. I've never had any site problems with Opera wand.

I don't know the tech reasons behind why it works in Opera but not in FF, but would it be possible to fix this Yahoo! wand issue for Firefox 3?

Thanks

You'll find the answer in the integrated help in section FAQ the first item - or you can read it online:
https://blueimp.net/mozilla/Secure%20Login/help/secureLoginFAQ.xhtml
http://www.squarefree.com/bookmarklets/forms.html#remember_password

Hi there,

Tried the bookmarklet. Works ok in FF2. Doesn't work in FF3. (Yahoo!)

Sent an email to jruderman to see if he could update bookmarklet for FF3.

Therefore, could you incorporate the bookmarklet in the extension? Especially after he upgrades it? Then it would work like Opera.


Thanks for all your hard work!

PS. Here's a blue imp for an avatar

http://images.google.com/imgres?imgurl=http://www.sff.net/people/judy/blue-imp.gif&imgrefurl=http://www.sff.net/people/judy/Prologue.htp&h=144&w=126&sz=10&hl=en&start=5&tbnid=DDzKgbniovTcqM:&tbnh=94&tbnw=82&prev=/images%3Fq%3Dblue%2Bimp%26gbv%3D2%26hl%3Den%26sa%3DG

The bookmarklet isn't browser dependent, it's just a little piece of JS code. It works just fine on Yahoo. (I just checked it.)

The issue of incorporating the bookmarklet -- or the Always Remember Password extension -- is something that has come up in this thread repeatedly, and Sebastian has continually expressed his polite resistance to adding that feature. Speaking personally, I'd love to have the feature included, but it's not my extension. Hopefully, Eric Hamiter will update his extension(s) now that Firefox 3 has hit RC status.