Closed Bug 249801 Opened 21 years ago Closed 4 years ago

Ability to export/backup saved passwords

Categories

(Firefox :: about:logins, enhancement, P2)

Product:
Firefox
Component:
about:logins
Type:
enhancement

Tracking

()

Status:
VERIFIED FIXED
Milestone:
Firefox 78
Project Flags:
user-doc-firefox docs-needed
Tracking Flags:
Tracking Status
firefox78 --- disabled
firefox79 --- verified

People

(Reporter: sanderhartveld, Assigned: petcuandrei)

References

Details

Attachments

(2 files)

Bug 249801 - Add a module to export logins to a CSV file. r=MattN,fluent-reviewers
(deleted), text/x-phabricator-request
Details
initial_draft_ui.gif
(deleted), image/gif
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040626 Firefox/0.8 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040626 Firefox/0.8 It should be nice if a button shows in the password manager that gives the functionallity to export/backup saved passwords to a file. Reproducible: Couldn't Reproduce Steps to Reproduce:
Similar to bug 208338.
*** Bug 250681 has been marked as a duplicate of this bug. ***
Hardware/OS both changed to ALL
OS: Windows XP → All
Hardware: PC → All
Ok, because bug 250681 is considered a dupe, I recommend to use a 'portable' format for the external file and request an additional function to _reimport_ the data. :-)
*** Bug 277138 has been marked as a duplicate of this bug. ***
*** Bug 284259 has been marked as a duplicate of this bug. ***
Status: UNCONFIRMED → NEW
Ever confirmed: true
This data is stored in your profile. Backing it up is something that very few users would need or want, hence, this is an extension. See http://www.pikey.me.uk/mozilla/?addon=bb (even though it's called Bookmark Backup, it includes options to backup other profile data also.)
Mass edit: Changing QA to default QA Contact
QA Contact: davidpjames → password.manager
(In reply to comment #8) > This data is stored in your profile. Backing it up is something that very few > users would need or want, hence, this is an extension. See > http://www.pikey.me.uk/mozilla/?addon=bb (even though it's called Bookmark > Backup, it includes options to backup other profile data also.) > I would have to question your observation that very few users would need ot back up their passwords. I should think that everyone needs their passwords backed up, whether they know it or not. The loss of all of one's passwords is a terrible loss which should be considered avoidable or preventable. The point of a good browser should be that it takes care of thing seemlessly or in a manner that is transparent to the user. As the vast majority of users do not know much about profiles, manually backing them up is not likely to happen. The extensions are good as far as they go, but I believe that backing up essential data should be a basic function of a brower...this is supposed to be a better mouse trap isn't it? Regards
Assignee: bryner → nobody
Version: unspecified → Trunk
Depends on: 22689
Backing up passwords and the like is rather easy (although not format-independent): https://stier.dynu.com/~moinmoin/MarksWiki/Firefox#head-2b4e2fc47a07161d5e4e31c4da82a078fbecea86
Blocks: 376682
Other available options: Password Exporter extension: https://addons.mozilla.org/en-US/firefox/addon/2848 Mozilla Labs' "Weave" will support password syncing between computers in the next version: http://labs.mozilla.com/2007/12/introducing-weave/
Grant! Thanks a lot!
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WORKSFORME
Actually, I want to leave this bug open for now... I think adding import/export to the core product might be a good idea. (Or might not be, based on availability of extensions -- just not ready to make a final decision right now).
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Product: Firefox → Toolkit
Should bug 180582 be duped to this, even though it's older?
Whiteboard: [passwords:management]
Priority: -- → P5
I had opened https://bugzilla.mozilla.org/show_bug.cgi?id=1444769 detailing the need for similar functionality. I realize that this is an incredibly old ticket, but could it be updated to also include IMPORTING of the backed up passwords? I also realize that some might consider this to be pedantic considering that we're talking about related functionalities and that importing could almost be implied in the requirement. But we all know what they say about assuming... Anyway, I would really hate for this to finally be worked on, only to then have it done half-@$$ed by not having IMPORT to go with EXPORT simply because it wasn't spelled out in the description... If a mod / OP could update, that'd be much appreciated.
Just want to add a couple things: Google Chrome now has the ability to export passwords. Does this mean chrome respects user freedom more than Firefox? Firefox is now completely unable to export passwords. There are no addons compatible with Firefox Quantum which enable the export of Firefox passwords. Even if there were, exporting passwords should be a core feature of Firefox, not something which depends on an addon.
There are tools which can decrypt logins.json so this is possible outside of the Firefox UI.
Status: REOPENED → NEW
Summary: add ability to export/backup saved passwords → Ability to export/backup saved passwords
Since import/export of logins is not something you do every day, I wouldn't mind an external tool. But instead of an Electron/node app (such as https://github.com/kspearrin/ff-password-exporter) it should be a Mozilla-supported tool. In addition, there is code posted at https://support.mozilla.org/en-US/questions/1077630#answer-834769 that allows to export the saved logins to a file -- but it has to be run from the browser console -- the existence of such code means it **really easy** to export passwords from inside Firefox and it's probably an intended omission -- but why?

I would really love this as well. Ideally just a button or two under/in the saved passwords button. A simple json dump is fine and if I have to toggle something is about:config to enable this so be it.

Component: Password Manager → about:logins
Product: Toolkit → Firefox
Version: Trunk → unspecified

Mass removing [skyline] and [passwords:management] from about:logins bugs which are no longer useful.

Whiteboard: [passwords:management]
Priority: P5 → P3

(In reply to Danny Colin [:sdk] from comment #29)

Lockwise needs a Firefox Account and even if it's made by Firefox, it implies that your password will be sync'ed to an online service. I don't think we should force a user to use a cloud service for that kind of sensitive information.

While I agree in principle (and Firefox gives one the choice to turn off Firefox Sync), Firefox Sync is very private---it is just as private as sync services used by other password managers---the passwords are encrypted locally using your master password and only then sent to the servers. In other words, no plaintext password leaves your computer.

(In reply to sanketh from comment #32)

While I agree in principle (and Firefox gives one the choice to turn off Firefox Sync), Firefox Sync is very private---it is just as private as sync services used by other password managers---the passwords are encrypted locally using your master password and only then sent to the servers. In other words, no plaintext password leaves your computer.

Yes I learned about the passwords being encrypted locally a few weeks after my comment ;). However, the article doesn't mention the master password.

(In reply to Danny Colin [:sdk] from comment #33)

Yes I learned about the passwords being encrypted locally a few weeks after my comment ;). However, the article doesn't mention the master password.

I meant to say the account password. Sorry about that, other password managers use the term "master password" so my mind jumped to it. :-)

(In reply to sanketh from comment #32)

(In reply to Danny Colin [:sdk] from comment #29)

Lockwise needs a Firefox Account and even if it's made by Firefox, it implies that your password will be sync'ed to an online service. I don't think we should force a user to use a cloud service for that kind of sensitive information.

While I agree in principle (and Firefox gives one the choice to turn off Firefox Sync), Firefox Sync is very private---it is just as private as sync services used by other password managers---the passwords are encrypted locally using your master password and only then sent to the servers. In other words, no plaintext password leaves your computer.

The export/backup option is not about how secure or not sync is. I trust the mozilla team and I trust that sync is in a good place. This is about the portability of my data. Should I need or want to export my accounts and passwords I am currently unable to do so and I would like a way to back them up myself.

All that said; thank you for lockwise. I do really enjoy the new password management in firefox :)

In terms of UI we would want to add a menu item to the meatball menu in the top-right of about:logins.

My main open question is the file format, CSV seems to be the standard, but the naming of the columns needs to be determined. One hurdle will be figuring out how to handle formActionOrigin and httpRealm in the export file. Do any other password managers import those? I believe Chrome uses both but idk if they export them.

I would like to pick this up but since good is better than perfect I would like to first focus on the most high value thing: export passwords. I see comments regarding exporting everything, importing passwords, changing structure and so on. I would like to implement a meatball menu in about:logins that just exports the passwords. I will look into other password managers and post here what formats they prefer. Trying not to re-invet the wheel here.

Does it sound good? Should I just assign this to myself? This would be my first contribution to Firefox so I guess I will need some mentoring. I'll try not to spam the #lockwise Riot room too much :D

It turns out that exporting was really really trivial (hope I'm on the right track here).

I have a few questions:

  • what fields to I export? Here is the full list: guid, timeCreated, timeLastUsed, timePasswordChanged, timesUsed, username, password, origin, displayOrigin, hostname, formActionOrigin, formSubmitURL, httpRealm, usernameField, passwordField, title;
  • do I keep the field names as they are?
  • should Import be idempotent? Should existing entries rely on guid to replace the same entity in from a previous export?
  • how should the import look like? Meatball menu and open csv dialog?

https://phabricator.services.mozilla.com/D75716

Attached image initial_draft_ui.gif (deleted) —

I cannot assign this ticket to me.
What Icons should I use for export and import? I see there is an "import" icon and an "import export" https://design.firefox.com/icons/viewer/ are they fit for this or should I use others?

Andrei,

What fields appear in your export?

As a baseline, this is what Chromium exports on my machine:

name,url,username,password
slickdeals.net,https://slickdeals.net/forums/login.php,test,passwords
Assignee: nobody → petcuandrei

my patch has url, user, password. I want to add more with guid at least. Not sure about the other fields.

Matt, what if we export/import all the fields?
I expect that if I make a backup, mess up my profile and import from backup to have ALL my data exactly how it was before.
Looking into what fields other password managers save is not useful for this task. It's useful only for importing from other password managers.

Flags: needinfo?(MattN+bmo)

FWIW, I think it is fine for Firefox import/export to be a superset of what other password managers provide, but I think it would be useful to maintain equivalence on column names (when possible) with other password manager exports to ease migration.

It would be ideal if Firefox would ignore unrecognized column names when importing to maintain compatibility (for example, if importing from Bitwarden or Chromium).

Having different column names complicates the code. If the Firefox code has "origin", mapping it to "url" when exporting and then back from "url" to "origin" is code that brings no value. What if Chrome decides to rename their exports to "address".

I think this sort of mapping should be in only one place: import from other tool into Firefox. There should be a importFromChrome(), importFromBitwarden(), importFromLastpass() and they should actually keep these mapings.

Not sure who has authority on this sort of decisions. Tons of people are following and commenting here.

Another question: should I ask for master password during export/import?

KeepassXC uses "Group","Title","Username","Password","URL","Notes". I assume most programs don't care about the case, so using url, username, password like Chrome makes sense to me. I think doing some minimal mapping on this data for compatibility with other programs would be useful.

Not having anything to do with this but i do agree with petcuandrei: if we keep following others nomenclature we'll be always be playing "chase", because, as we all now, Google, for example, has a long history of changing things just for the sake of changing them (and break competition's tools in the meanwhile). So i don't think i feel like running to chase others...

As for asking for master password during export/import, from my point of view, i would say "absolutely"!
I don't want my passwords exported in seconds by some "friend" while i use the WC.
LOLOL

Status: NEW → ASSIGNED
Depends on: 1639348
Attachment #9149718 - Attachment description: Bug 249801 initial draft of the export passwords → Bug 249801 export passwords

For transparency: I've been talking with the assignee on chat and in Phabricator for the last few days. Just now getting around to answering some other questions here.

(In reply to petcuandrei from comment #37)

I would like to pick this up but since good is better than perfect I would like to first focus on the most high value thing: export passwords.

Good, this bug is only about export but we need to be able to import our own export so keeping import in mind is helpful.

I will look into other password managers and post here what formats they prefer. Trying not to re-invet the wheel here.

That's good. Less mapping of column names and formats will be nice. If you don't research this now we will regret it later.

(In reply to petcuandrei from comment #39)

It turns out that exporting was really really trivial (hope I'm on the right track here).

Yes, it's technically trivial. The hardest part is researching column names/formats so that our import code doesn't need to special case for each source application.

I have a few questions:

  • do I keep the field names as they are?

If a popular password manager already has appropriate names for the same data it may be useful to align with them. Note that some password managers use full URLs but currently we store origins.

  • should Import be idempotent?

Ideally, yes, at least for the non-metadata fields (origin/username/password)

Should existing entries rely on guid to replace the same entity in from a previous export?

LoginHelper.maybeImportLogins can already update existing logins for import from other browsers using the combination of ( login.origin, login.formActionOrigin, login.httpRealm) but if we could also use the GUIDs if they exist. This is a problem we don't need to worry about in this bug, only in bug 1303176 (which can also handle our own CSV files), but it's fine to export the GUID.

  • how should the import look like? Meatball menu and open csv dialog?

Let's leave that for bug 1303176.

(In reply to petcuandrei from comment #44)

Matt, what if we export/import all the fields?

That's okay but I agree with Tom and Asif that we should try and re-use existing column names where it's possible and helpful.

I expect that if I make a backup, mess up my profile and import from backup to have ALL my data exactly how it was before.

I agree for the most part. Though for that use case you can backup the values encrypted instead (logins.json + key4.db).

Looking into what fields other password managers save is not useful for this task. It's useful only for importing from other password managers.

It's useful for making our import code simpler so we don't need to handle importing our own file format significantly differently than other CSV files.

(In reply to petcuandrei from comment #46)

Having different column names complicates the code. If the Firefox code has "origin", mapping it to "url" when exporting and then back from "url" to "origin" is code that brings no value. What if Chrome decides to rename their exports to "address".

It will make it easier for people to import the Firefox CSV in other password managers that already handle those column names. Doing the mapping on export means on less mapping to handle on import if we already need that mapping to support existing CSV in the wild.

I think this sort of mapping should be in only one place: import from other tool into Firefox. There should be a importFromChrome(), importFromBitwarden(), importFromLastpass() and they should actually keep these mapings.

I don't think we will need functions specific to each application, I'm hoping the column name should be sufficient with some transformations on the data value.

Not sure who has authority on this sort of decisions. Tons of people are following and commenting here.

I will review the code :)

Another question: should I ask for master password during export/import?

Yes, use the helper we will land in bug 1639347 which will handle using master password or the OS auth. (if enabled)

Thanks for working on this :)

Severity: normal → N/A
Depends on: 1639347
Flags: needinfo?(MattN+bmo) → qe-verify+
Priority: P3 → P2

Thank you for the aggregated response here + the motivation behind each choice!

Hi Andrei,
I just chatted with MattN - here's where we got...
• Use Save Dialog (not the Download dialog)
• Window Title: for Save dialog - "Export Logins File" (matches what we do for export bookmarks)
• default filename "logins.csv"
• Menu order:

  1. Import...
  2. Export...
  1. Preferences

(In reply to katieC from comment #51)

• Use Save Dialog (not the Download dialog)
• Window Title: for Save dialog - "Export Logins File" (matches what we do for export bookmarks)
• default filename "logins.csv"

For this you can use code like the bookmark HTML export. To filter to CSV use appendFilter.

(In reply to petcuandrei from comment #53)

Which icon? share https://phabricator.services.mozilla.com/D75716#2314515 or save? https://bugzilla.mozilla.org/show_bug.cgi?id=1639348#c1

For this bug I don't think it matters, as we can swap it later, but save seems slightly better IMO. (chrome://browser/skin/save.svg)

Flags: needinfo?(kcaldwell)
Depends on: 1641391
No longer depends on: 1639347
Depends on: 1641393
Depends on: 1641396
Attachment #9149718 - Attachment description: Bug 249801 export passwords → Bug 249801 - Add a module to export logins to a CSV file. r=MattN
Blocks: 1641777
Pushed by mozilla@noorenberghe.ca: https://hg.mozilla.org/integration/autoland/rev/863025bf6b1c Add a module to export logins to a CSV file. r=MattN,fluent-reviewers

https://hg.mozilla.org/mozilla-central/rev/863025bf6b1c

Status: ASSIGNED → RESOLVED
Closed: 17 years ago4 years ago
status-firefox78: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 78

Thank you very much for fixing this bug.

FYI for others that this menu item is hidden for now until we fix some of the follow-up bugs.

status-firefox78: fixeddisabled
Attachment #9149718 - Attachment description: Bug 249801 - Add a module to export logins to a CSV file. r=MattN → Bug 249801 export passwords
Attachment #9149718 - Attachment description: Bug 249801 export passwords → Bug 249801 - Add a module to export logins to a CSV file. r=MattN,fluent-reviewers

+1 on the thanks :)

(In reply to Matthew N. [:MattN] from comment #57)

FYI for others that this menu item is hidden for now until we fix some of the follow-up bugs.

This should be enabled sometime tomorrow.

Release Note Request (optional, but appreciated)
[Why is this notable]: Long-awaited feature (16 years) with 42 CCs and 17 votes. We get regular requests on Reddit and GitHub for this.
[Affects Firefox for Android]: No
[Suggested wording]: Logins and passwords can now be exported to a CSV file.
[Links (documentation, blog post, etc)]: None yet. Andrei will work on a blog post for the Nightly blog.

Note we are hoping to also get CSV import (bug 1641777) in the same release and then we can combine the relnotes.

relnote-firefox: --- → ?

I have verified this issue using the latest Firefox Nightly 79.0a1 (Build ID: 20200604220012) on Windows 10 x64 1909, Ubuntu 18.04, Mac 10.14.6, Windows 7 x64, Windows 8.1 x32.

  • The logins can be successfully exported to a CSV file using the "Export logins..." option from the menu.
  • In order to verify this we have used the following scenarios:
    • Using a profile in which you are not logged in to Sync and have multiple logins saved.
    • Using a profile in which you are logged in to Sync and have many logins including breached and vulnerable accounts.
Status: RESOLVED → VERIFIED
status-firefox79: fixedverified
Flags: qe-verify+

New SUMO article created for this: https://support.mozilla.org/en-US/kb/export-login-data-firefox-lockwise

This has been marked for localization for the Firefox 78 release. Please let me know any edits, or feel free to directly edit the article itself in SUMO.

(In reply to Angela Lazar from comment #61)

This has been marked for localization for the Firefox 78 release.

Hello, thank you. This should be for Firefox 79 as it's marked firefox78: disabled

Some comments:

If you want to move your saved usernames and passwords to a different application

Delete this file when finished.

I think this document isn't covering the other main use case for exporting to a CSV: backing up their logins without the intention to use another password manager.

You will be prompted to enter your operating system password

If they have MP set up then it will ask for that instead.

Thanks again

Flags: needinfo?(anlazar)

(In reply to Matthew N. [:MattN] from comment #62)

(In reply to Angela Lazar from comment #61)

This has been marked for localization for the Firefox 78 release.

Hello, thank you. This should be for Firefox 79 as it's marked firefox78: disabled

Some comments:

If you want to move your saved usernames and passwords to a different application

Delete this file when finished.

I think this document isn't covering the other main use case for exporting to a CSV: backing up their logins without the intention to use another password manager.

You will be prompted to enter your operating system password

If they have MP set up then it will ask for that instead.

Thanks again

I have a revision pending review. See https://support.mozilla.org/en-US/kb/export-login-data-firefox-lockwise/history

Thanks Alice, I approved your revision.

Matt let me know if any further changes need to be made.

Flags: needinfo?(anlazar)

Alice's changes look good. Thanks

Regressions: 1646955
Depends on: 1648367

Added to the Beta79 relnotes.

relnote-firefox: ?79+

(In reply to Ryan VanderMeulen [:RyanVM] from comment #66)

Added to the Beta79 relnotes.

Ugh, sorry, you beat me to following up on this flag… can we remove it for now as we want to wait to promote it with import (bug 1303176) in Fx80? Sorry about that… we just decided last week to ship without promoting.

relnote-firefox: 79+ → ---
Flags: needinfo?(ryanvm)

Removed, should be live in the next 15-20min.

Flags: needinfo?(ryanvm)
No longer depends on: 1651061
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: