Hi,

The add new user / edit new user form(s), when submitted through a browser such as Firefox 3: when the submission happens, the browser offers to remember the password (of a new user or an edited user where the password has been changed). If the user accepts to remember this password, unfortunately the browser only remembers the first password field. This means that when the user administrator edits a user, one password is pre-filled by the browser, probably the wrong password.

This gives three bad impressions / usability issues.
1) The user administrator, if this is not explicitly covered in training (!), thinks that each time the user is altered they have to change the password of the user, and then manually notify that user of the password change.
2) The annoyance of having to remember to remove the singly entered password from the edit form's 1st password field if the administrator does not want to change the user's password.
3) The final annoyance that if the admin does want to change the password of the user, the administrator has to remember to retype the first one even though it is filled into the password box. (Remember that XP now obfuscates the _length_ of the password displayed in various dialogues, so users are starting to expect password fields to not contain a length of dots that is equivalent to the length of characters in a password.)

Thanks for thinking about this issue.

Richard

Comments

vkareh

Version: 6.9 » 6.x-dev
Assigned: Unassigned » vkareh

I have had the same issue in the past. I solved it by creating a module that uses jQuery to clear the password field on user edit forms. I see this as an important usability issue, since the saved password on the wrong form can make user admins accidentally change other users' passwords to that of their own.

I decided to publish the module, but I'm thinking of submitting a patch for Drupal core if there is enough interest.

Here it is: http://drupal.org/project/clear_password_field

seddonym

Yes, I ran into this issue. It's confusing because even if you delete the autocompleted password, the jQuery validation still tells you it's a 'weak' password.

At the very least, some descriptive text saying that you can leave the password fields blank if you don't want to change the password might be an improvement.

rafamd

Status: Active » Closed (duplicate)

Marking this as duplicate in favor of #787876: Edit "My Account" fills the first password field. I guess it's going to be easier to track the whole issue there and come up with a fix for D6, 7 and 8.

rafamd

Status: Closed (duplicate) » Active

After taking a look at the clear password field module, I doubt if this is the same issue we are facing over there. So, leaving open and allowing you guys to mark as duplicate if you think that's the case.

swentel

Status: Active » Closed (duplicate)

It's really the same, only not yet fixed.