API to disable Chrome's password manager?

[Evan Jones]

I just learned that Chrome 34 (dev channel) is going to force Chrome's password manager on for all forms (see discussion below). Any chance that we can get an extension API to disable this behaviour? I make a third-party password manager (https://www.mitro.co/ ), and we are going to be forced to do weird tricks to disable this. I'd love to see this added to the existing chrome.privacy.services api, just like the chrome.privacy.services.autofillEnabled. As it stands, we are going to be forced to do weird things to web pages to disable this, and/or instruct our users to disable this themselves.

Discussion about this change: https://groups.google.com/a/chromium.org/forum/#!msg/chromium-dev/zhhj7hCip5c/btSUM0TFF-4J

Not that my opinion matters: I actually think this is the right decision for most users. I just want an easy way to turn it off for our users, who have opted-in to a third-party app to manage passwords.

Evan

[Alexandre Barreira]

Hi Evan,

I don't see what will really change with Chrome 34, since the password manager was already used on password fields without autocomplete=off. Or were you adding such attribute on inputs to prevent chrome from filling password fields?

[Evan Jones]

On Feb 20, 2014, at 4:27 , Alexandre Barreira <abar...@gmail.com> wrote:

I don't see what will really change with Chrome 34, since the password manager was already used on password fields without autocomplete=off. Or were you adding such attribute on inputs to prevent chrome from filling password fields?

Yes, that's exactly what we were doing, and exactly what LastPass does as well. I suspect the other password managers probably play similar tricks, but I haven't examined them closely (Dashlane, 1Password, etc). With this change, on Chrome 34, user will see something that looks like the attached image. Previously, Chrome's "Save" dialog was suppressed.

There are still ways to suppress this, but they are horribly ugly and I'd rather not be forced to muck with them. I'd much rather be able to either just call chrome.privacy.services.passwordManagerEnabled.set(), just like I can with autofillEnabled(). I'd even be happy showing the user a yes/no visible prompt, with something like:

Mito would like to change the following preference: Disable password manager. Would you like to allow this change? Allow / Deny.

As of right now, our options are:

1. Muck with the HTML to work around Chrome's password manager.

2. Show users detailed directions about how to turn this off in their own preferences.

If we need to, we are going to go with #1, because most of our users won't want to follow directions carefully. Thanks,

Evan

--
Work: https://www.mitro.co/    Personal: http://evanjones.ca/