I _assume_ this is a feature. But there is no user feedback whatsoever. I came back to the tab and found the UI in a completely different state than I left it. This can make users confused/anxious about what happened to their password or if they opened the wrong tab. Security shouldn't make you feel less secure.
Suggestion: add a notice that the passwords have been cleared for security reasons.
@Prinzhorn yes, clearing the form is a feature. But you are right, it might be confusing for user to come back and see nothing.
I was thinking about a countdown-like UI, e.g. a decreasing bar below the _master password_ field or the _visual checksum_ that suggest it will disappear. In both case it might become annoying on the long run.
Thoughts (I know nothing about the current implementation):
key*
, mouse*
and (page)visibilitychange
events) and will be reset when they become active againI was thinking about a countdown-like UI, e.g. a decreasing bar below the master password field or the visual checksum that suggest it will disappear. In both case it might become annoying on the long run.
This doesn't solve the problem when I leave the tab in the background. I won't know that there was a countdown. In case a visibilitychange
is recognized the user can be presented with a message when they come back.
@Prinzhorn if the copy remove the master password, does it helps ?
Adding a note when the password is cleared should be better, isn't it?
I close this one. The issue is difficult to solve without a visual component.
Because a visible countdown puts people under pressure, which is a bad thing
and because we loose the web context in the web extension, I don't know what solution I can use.
Feel free to add some comment here, if you have good solution.
Most helpful comment
Thoughts (I know nothing about the current implementation):
key*
,mouse*
and (page)visibilitychange
events) and will be reset when they become active againThis doesn't solve the problem when I leave the tab in the background. I won't know that there was a countdown. In case a
visibilitychange
is recognized the user can be presented with a message when they come back.