-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prioritize a password entry for a particular website #314
Comments
Hello, this is already possible as the entries are also prioritized by usage, so if you manually select the correct entry once on the particular website, next time Ctrl+Shift+F would select that entry as well. Would that address your scenario? |
I see - thank you. I think though, it still seems that I would have to do this on every computer and browser that browserpass is installed on? To fix this, I'm thinking state can be set in the |
A very simple approach could be renaming the files, as in absence of any usage data, browserpass would sort them alphabetically... It's actually what I personally do, now that you mention it 😅 I name the primary entry |
@maximbaz I'm open to this feature if there's a good way to do it (and it is something I would use), but have concerns about excessive complexity. If it happens, it needs to be predictable and easy for the user to reason about. @hyperupcall Can you describe how you envisage such a thing being implemented? My biggest concern is sorting when there are multiple stores (and thus multiple The single-store case is easy (e.g. via an array of paths, where any path present in the array is prioritised according to array order, and then anything that isn't follows after according to our existing logic). But that approach doesn't translate to multi-store, and is thus unsuitable. |
For sure, I wouldn't want needless complexity either I wasn't thinking arrays, but objects. Specifically, with members representing the paths, and each value, a number, representing the priosity. For example: With store A: // store-a/.browserpass.json
{
"priorities": {
"google.com/account-cool.gpg": 1
"google.com/account-notcool.gpg": 2,
"github.com.gpg": 2
}
} And store B: // store-a/.browserpass.json
{
"priorities": {
"github.com.gpg": 1
}
} And assuming that all the files, exist, then; For As for the predictability and intuitiveness, one option is to document this, but not bake it into the UI; that way, since the user has to the file themselves, they won't be confused. Another option is to indicate in the UI that it has a priority that superscedes all others, like adding its number priroty somewhere. and re: the file + directory thing @maximbaz mentioned is a good idea, I didn't think of that - but like you said, once one is chosen, it doesn't really work 😅 |
I think I'd be OK with that. @maximbaz, what do you reckon? |
I'm fine with the proposed file layout, just wanted to clarify that we are still talking about initial priorities, the sorting that activates in the absence of any usage data, just before we sort by file names - is that also your understanding, or do you want these new priorities to superseed all other logic? Let's take a specific example, imagine I have five entries for google.com: cool.gpg
notcool.gpg
old.gpg
verynotcool.gpg
veryold.gpg I have priorities defined for a subset: {
"priorities": {
"google.com/cool": 1,
"google.com/old": 2,
"google.com/notcool": 3,
}
} In the fresh installation, they are sorted by priority and then by name: Is this the expected sorting in popup?
|
IMO, this logic should supercede - it's basically saying, "let me manually determine priority for these items". So, anything with a priority number gets sorted by that number, at the top of the list. Then everything else comes after those entries, sorted by our existing priority rules. If this feature were to only provide sorting info in the absence of usage history (i.e. how your example works), I think that would make for a confusing UX. Doing it that way seems like a bad idea to me. |
It could also be reasonable to allow negative priority numbers, and put anything with a negative priority at the bottom of the list, after all other entries. I would use the heck out of that... I have a whole lot of client accounts in my store that I never want Browserpass promoting up the list, and this feature would provide a handy mechanism for me to enforce that. |
I know my usage of password store is much simpler than yours, but have you considered simply moving the old clients to a separate password store, that could be excluded from Browserpass? Or removing the usage count for them, so that they would naturally flow to the bottom, as if unused? Could you also give an example of how you are thinking to use this feature, with positive priorities? I thought perhaps you'd keep the current clients in the priority list, maybe even all with priority |
I already have them in a separate store. I don't want to exclude them though, because I do use those entries, albeit rarely. I just don't want them ever getting promoted.
This isn't a solution, because (a) we don't provide a usage-count-editor, and (b) they aren't unused; I'd keep having to do this. If I could simply define them as lowest-priority (or even better, demote an entire pattern, similarly to how we handle
Something I do a ton of is logging into Google, and there are multiple accounts I do this with. I always want one specific account to be the top one, but because that account often isn't the most-recently-used one, every time I log into Google I have to check which one is actually at the top right now before using it, thus rendering CTRL+SHIFT+F useless for me on that particular domain.
This is a really good point. I had not thought of it until you brought it up, but I share your concern. Perhaps tweaking it so that most-recently-used remains highest priority for the tab it was invoked on would be a suitable solution? That way there is no risk of accidentally leaking the wrong password, but it can happily coexist with the priority feature. |
I like this idea a lot, and I can't believe we didn't think about it earlier - it makes so much sense! The most-recently-used one should definitely be the highest priority only on the current tab, and maybe even only until this particular tab doesn't change domain. This way, your most used Google account would already be always the first, without any priority feature, and yet Ctrl+Shift+F would be consistently predictable. This also sounds simpler to implement, perhaps we should extract this idea out of this discussion? Setting that aside, I can see your other scenario for demoting priorities, you are right that removing them altogether is not a solution. However let me try to spell out one more idea, it will help me better understand this case, please tell me where my thoughts go the wrong way 🙂 I imagine you have a customer A, and you use their login a lot, so the usage count grows, and these credentials naturally bubble up. Then the work is done, and customer goes into maintenance mode - you still need to login ocassionally, but very rarely, and instead you are actively working with customer B and their login. The annoyance to solve is that login for customer B will be below customer A for quite a while, until the usage counter finally overtakes, if ever. And if that's the case, and my assumption is correct that your wish is to make customer B be on top, I can see two ways you could achieve this (both not implemented today):
|
This, I disagree with, for two reasons:
However, allowing most-recent to override any manual priority on the current tab once invoked there (and as you say, possibly just until the domain changes) IMO makes a lot of sense, for the security reasons you mentioned earlier.
I think it belongs here, to be honest. I'm not seeing a good use-case for it independently of a manual-priority feature, unless there is a separate scenario that you think would benefit from it?
This is the case for some logins (particularly with project-based work), but with others they start out rarely used and remain remain that way. The latter tends to happen for systems where I am engaged on an ongoing basis for something that isn't a one-off project. An example might be a network appliance for which the only reason I need to log in is configuration changes or patching.
This would definitely be my preferred way of demoting stuff. Explicitly chucking them overboard with an anchor attached is predictable, easy, and will get a lot of clutter out of the way. Note that we are referring to entries here, not websites / domains.
This method is unsuitable, because it relies on the assumption that customer B's usage is more frequent, when that is not necessarily the case. |
Ah, yeah my understanding is different too - I'm was also saying that these new priorities should superscede all logic. And likewise for me, moving the entries to a separate password store isn't a solution for the same reason. But like you mentioned, there is a security concern for multi-login scenarios (thanks for pointing that out), so I suppose a more recent login should be above all else due to security. This idea:
I really like. To be honest, the current behavior was originally confusing for me because I assumed everything was ordered alphabetically. But it appears this behavior is different than what existing users expect. Maybe the security problem could also be solved with a timer. By default, the timer is Or Maybe there can be an option for "per-tab", and "global" for saving the most recently used password for a particular. Or an option for disabling recently used passwords all together. Or maybe there can be an "X" by the the most recently used, so right after I login, I can click the "X" so I get the behavior I want. I'm suggestions options because for me, it's not intuitive that there can't be a situation in which a thing with prority The demoting stuff is natural, especially for negative priority numbers, but I have no preferences. Once I can't do Ctrl+Shift+F, I have to check the whole list, and I don't have enough alternative accounts for any particular website for it to be hard to find the account i'm looking for. |
I do think Ctrl+Shift+F behavior deserves to be reconsidered regardless of the priority idea, but we can keep the discussion here. I think my main argument would be that in my experience it's hard to remember what login I used last, but it's easy and natural to remember what login I typically use. I believe it's what @hyperupcall refers to as well, in the second to last paragraph above. With the proposed behavior to Ctrl+Shift+F we can make it work like this out of the box, for everyone, on all websites, if you let Browserpass learn your usage pattern for a bit, and leave priority feature for more advanced use-cases, or if you want the proper sorting on a fresh installation. And when I say "typically", I mean the entry I use most frequently now, not necessarily throughout my entire life - so being able to reset frequency counter is an essential part of my entire thought process. I am not so much afraid to change behavior when we introduce good improvements, we have tools for this, like bumping major version and showing a changelog notification. And in this particular case, I feel like most people won't even notice that the behavior changed, except (hopefully) they'll find that it's now more intuitive than it used to be, and they can trust Ctrl+Shift+F to pick the right thing in more situations. I'm not claiming that the scenarios below are covering everything, but they probably represent the most usual ones:
And as an additional bonus, with this proposal, the behavior of Ctrl+Shift+F would be both identical and safe to use with whatever of the currently mentioned ideas for the priority feature we have, we won't have to remember that Ctrl+Shift+F behaves differently on websites with and without priority defined, and we can just focus on figuring out what we want out of the priority feature. What do you guys think? 🙂 As for the priority feature itself, given that you both express preference for superseding or replacing the frequency algorithm on the domain that has priority defined, I buy your arguments, and therefore I am more than happy for us to explore this way. So let me ask, which one should it be, supersede frequency data, or completely ignore it, if for a given domain we have both? Could you perhaps update my example with your expected behavior, or maybe even expand it, to cover for all desired features, like negative priority, to make sure we all agree on the desired outcome? |
Yup 👍
I like this! For me it works in more cases out of the box, and the reset frequency makes it flexible enough in case users switche the account that they use the most.
Since now the entries are listed by frequency rather than recency, I think a better strategy might be to store the frequency data in the |
General information
$ browserpass-linux64 --version
):Browserpass host app version: 3.0.10
Feature Request
To mark a particular entry from a site as "priority" if there are multiple issues
Current Beavior
If multiple accounts are associated with a site (e.g.
github.com
is a subdirectory in the password store), then, autofilling the login form (with Ctrl+Shift+f) will sometimes result in an unintended password to be filled in.Proposed Feature
A method to mark a particular account as "priority". So, if there are multiple accounts, that account with priority will be used to autofill the login form.
The text was updated successfully, but these errors were encountered: