Q1. What is the problem that you are trying to solve?
Using the Android app (Google Pixel 4a), the “Select From Passbolt” feature doesn’t work very well.
What I do:
- Open a website or app for which I have stored credentials
- Select a username or password input
- At this point, the “Select From Passbolt” prompt may or may not appear; if it doesn’t, then it seems that selecting random other fields and then coming back to the input field sometimes helps, though the prompt may also disappear shortly after selecting the input field, making the act of tapping it a game of whack-a-mole.
- Once I have selected “Select From Passbolt”, the Passbolt app pops up and asks me to unlock the key with biometrics.
- Use fingerprint to unlock key.
- Select credentials.
What I expect to happen:
Credentials are filled into username and password fields.
What actually happens:
Usually nothing. Sometimes, the “Select From Passbolt” prompt changes into “Fill With Passbolt”, and tapping it actually fills the form, but most of the time, it doesn’t, and tapping “Select From Passbolt” gets me back to the key unlocking and credential selecting, i.e., I’m going in circles without ever being able to use the password.
The alternative approach would be to open the Passbolt app separately, and copying the credentials. This works, but it is cumbersome, because the app asks me to unlock the key again every time I switch away from it and back to it, and after the unlocking, I have to search the credentials again, so the procedure for logging into a website or app with this approach goes like this:
- Open website / app
- Open Passbolt app
- Unlock key (this takes several seconds)
- Search credentials
- Copy username
- Switch to website / app
- Paste username
- Switch to Passbolt app
- Unlock key
- Search credentials
- Copy password
- Switch to website / app
- Paste password
Q2 - Who is impacted?
Presumably, all users of the Android app, though I have only tested it on my own device.
Q3 - Why is it important and/or urgent?
Major usability impairment.
Q4 - What is your proposed solution? (optional)
- Improve handling of username / password fields in apps and websites
- Fix bugs in “Select From Passbolt” feature
- Keep key unlocked when backgrounding the app, at least for a reasonable amount of time
Q5. Community support
(Forum won’t let me create poll here)
What is your Android OS version and what are your autofill settings? There are two modes supported in Android, one with OS Autofill and one with Accessibility settings, the later should work if the former doesn’t.
Android version is 13, security update 2022-11-05. I believe Google ships a fairly vanilla Android for their Pixel phones.
I tried enabling the “legacy” option, but that doesn’t seem to work at all - no “Select From Passbolt” prompt appears, even after granting all the permissions and confirming everything.
Dear @tdammers you actually pointed to a lot of issues here and I can’t respond to all of them, but we may work together to remove the most important obstacles.
You are using Android 13 and quite decent device so let’s not bother with the legacy autofill option - it may work, but you didn’t say what browser you are using so let’s assume it is Chrome for mobile. The legacy may be an option for some less popular browsers, but let’s leave this discussion for a moment.
In the Chrome Browser for Mobile you need to do disable default password manager. You can follow this instruction: Passbolt Help | How to disable your browser/mobile built-in password manager
BUT: I have recently discovered that you need to delete password stored in Chrome for a page you are willing to store in Passbolt - In a case your password is stored in Chrome it will also appear on the page (yeah - you will be catching Passbolt’s floating button as you described in the initial post )
After all that preparations your browser should work fine with the Passbolt app
BUT: the Autofill option on web has some limitations: the Android Autofill will recognise all the fields named with commonly used phrases (password, login, e-mail, and several others) but will fail on some less popular ones or custom ones. It may also fail with pages presented in not supported languages.
Another story is autofilling credentials inside application installed on Android device (app). Here it is simpler, the developer of this app needs to enable the autofill option and he needs to provide hint phrases for fields (in supported language). If this is done the Passbolt app will be able to provide credentials. I have checked for eg: LI, Netflix, FB (and other Meta stuff) and those are working.
Now the scenario should look like:
- Open supported website / app
- At this point on login/password field you should see already presented Passbolt Floating Button (on some devices you can invoke it by placing keyboard focus on the field) with “Select from Passbolt” title
- Tap it and the Passbolt app should open in Autofill mode
- You need to put the fingerprint or passphrase (and sometimes 2FA) as there is no other way to secure your passwords
- Search credentials
- Tap it
- Passbolt’s Autofill mode should be dismissed and inside the app / browser new Floating button should appear with “Fill with Passbolt” title
- Tap it and your credentials should be filled
Some other topics:
As far as I know we can’t actually place those floating buttons wherever we like. We can adjust them a bit but that’s all. In addition to that: showing and hiding the keyboard or other screen related actions may interfere and it may make the buttons to disappear or to move somewhere.
Hint - refreshing the page or killing the app will summon floating button again (the initial one: "Select From Passbolt”)
Now, having all of the above in mind let’s discuss the issue connected to the "Select From Passbolt” button. Something similar have happened on some browsers before. So can you provide a browser you are using? And can you list some of applications or web pages where those issues are more frequent?
Thanks for the extensive answer.
I’m actually using Firefox Mobile (and, for various reasons, want to keep it that way); I’ve done some more experimenting, and found the following.
- The netflix app and netflix (dot) com in Chrome do in fact work fine
- netflix (dot) com in Firefox gets stuck in a loop and never shows the “Fill With Passbolt” prompt, even after disabling autofill and making sure there are no stored passwords anywhere
- jumbo (dot) com (local grocery store) gets stuck in a loop on both browsers
- The magister (dot) net app (practically mandatory if you have kids in middle school) doesn’t work at all, but this seems to be a bug (or even deliberate sabotage) on their end; it doesn’t support Android’s built-in password autofill either.
I have, however, found a way to make netflix (dot) com on Firefox work: if I enter a valid e-mail address (doesn’t actually have to be the real one) and enough characters (4 seems to do the trick) in the password field, then the client-side validation doesn’t trigger, and both “Select from Passbolt” and “Fill with Passbolt” work as designed. The same trick also works on jumbo (dot) com, on both browsers, but only if “Select from Passbolt” is triggered on the password field, not the username/email field, and only after client-side validation has finished and rendered a green checkmark next to both fields.
Thank you for your message!
Unfortunately a lot of bugs are reported for similar issues on Firefox for Mobile. Like here, here, or reported to Mozilla repo for Firefox Mobile here and here. The later suggests to use Firefox Nightly (for developers) but IMHO this is not a secure solution for day to day use. So we would not suggest it even knowing Passbolt is working fine on Nightly.
Overall: we will be waiting to have the fix from Mozilla finished and merged from Nightly to Regular version.
You have also requested for keeping the key unlocked for a time being after leaving the app and unfortunately we can’t provide this in a near future. This is strongly connected with the security of the Passbolt app on mobile and we can’t compromise it.