Question: What is Firefox?

Some websites, in particular financial institutions, prevent the Firefox password manager from saving login information. This is to protect the users from unauthorized use of the service- and support for the feature was included in Firefox as a condition of the institution's support for the browser. However, many users find this behaviour annoying, and some even argue that it forces users to use passwords shared with other sites so that they will have less passwords to remember. In any case, being a client-side application, a web browser should give ultimate control of the application to the end user. As Mozilla developers refuse to add an override option to Firefox, I had been forced to find an alternative method. Note that I don't question the developer's intentions, especially after reading about 20 bug reports on the subject. I hope that the solution I present will satisfy the end user's need of an active password management feature, and yet still satisfy the Mozilla development communities commitment to the financial institutions. I am not associated with Mozilla in any way, other than the fact that I use Firefox and have filed a few bugs. This method will not work on websites who rotate the form field names. Don't let your financial institution know that!

Things you will need:

  1. Write access to a webserver, not just the ability to open webpages stored on the local harddrive or localhost.
  2. A text editor
  3. An ftp client or other method of publishing a webpage to the server.
  4. Very basic knowledge of HTML and JavaScript. Namely, how to identify elements of each.
  5. Firefox, of course!

What you must do:

  1. Open Firefox and browse to the webpage that contains the form you wish to add to the password manager. Take note of the domain name, you will need it later. That's everything between "http://" and the next slash. For instance, BigBank.com or LittleBank.co.il
  2. Click View -> Page Source. Save this file to your computer.
  3. Search the page source for the form containing the login form. Remove everything before the form, and everything after it. Now add
    <html><body>
    at the beginning of the file and
    </body></html>
    at the end.
  4. Remove the text
    autocomplete="off"
    from wherever it appears in the form. That's usually in the Form element itself and the Input elements for the username and password.
  5. Remove all Javascript from the form. That includes
    onsubmit
    attributes,
    onchange
    attributes, and the like. Check that the submit button doesn't have a
    disabled
    attribute.
  6. Remove all
    id
    and
    value
    attributes from form elements, with the exception of
    option
    elements inside
    select
    elements.
  7. Save the page and publish it to your webserver (not local harddrive or localhost). Open the page from the webserver in Firefox.
  8. Fill out the form with the information that you'd like saved. Submit the form. The password manager should ask if you want to store the information. Click "Yes".
  9. Close Firefox.
  10. Back up and open the signons.txt file. It's located at ~/.mozilla/firefox/*.default/ in Linux and at ~/Library/Application\\ Support/Firefox/Profiles/*.default/ on Macintosh. Windows users will have to google the file location, as I wouldn't dare do this on a Windows box and I'll not tell you how.
  11. Find the name of the webserver that you used the dummy form on. Change it to the name of the real website's webserver. Save the file.
  12. Open Firefox and go to the real webpage. The form should be filled in for you. Better yet, it should prompt you for the Master Password- you are using one, right?
  13. Enjoy!

I'd love to hear about your success/ failures. Use my contact form, and send me any improvements to the method as you see them. I'll publish them here.

Update: Brian Carpenter recently let me know of a much easier way to actually enable the Firefox password manager for all websites, even those that request that the feature be disabled. In Firefox's nsLoginManager.js file, commonet out the following lines:

    if (element && element.hasAttribute("autocomplete") &&
    element.getAttribute("autocomplete").toLowerCase() == "off")
    return true;

The nsLoginManager.js file can be found in Firefox's "components" folder, which varies in location from system to system. On Linux, the command "locate nsLoginManager.js" will tell you right where it is. Thanks, Brian!

Disclaimer: Performing the steps outlined here will give anybody who users your computer (with or without your consent) access to your accounts. This includes people with physical access to your machine, as well as those who can access it remotely. Of course, this includes trojans and all forms of spyware. If you do use this method, then be sure that you use Firefox's Master Keyword feature, and make sure that your user account is secure. I don't recommend doing this on computers running Windows operating systems, as those systems are extremely vulnerable to spyware and other malicious software.

Question: What is Firefox?

Date Revised: 2008-02-24
Date Revised: 2009-04-10