User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36

Steps to reproduce:

• Go to Lockwise
• Click on "create new login"
• Enter a website address and a login, but leave the password field empty
• Click on "save"

Actual results:

An error message requires the user to fill in the password field

Expected results:

The login and website address would be saved as an entry in Lockwise without the need for a password.

Context:

• I am using an online vault which used to store my logins and passwords and would automatically fill them in Firefox via an extension.
• With regards to passwords, I have transitioned to a local password manager. Part of the goal was to separate logins from passwords, for security purposes. I appreciate the online vault still filling in my logins, and I manually copy/paste my passwords.
• I am now seeking to phase out the online vault and have the logins saved in Lockwise (without passwords). This is currently impossible. It seems surprising that users would not be given the possibility to save just their logins in Lockwise.

The Bugbug bot thinks this bug should belong to the 'Toolkit::Password Manager' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Right now the password manager is oriented around storing credentials with usernames and other metadata around them. So it doesnt really make sense currently to not store a password with a saved login. Perhaps you could use a dummy password value?

However, I'll leave this suggestion on file for consideration as we plan our next steps.

(In reply to Sam Foster [:sfoster] (he/him) from comment #2)

Right now the password manager is oriented around storing credentials with usernames and other metadata around them. So it doesnt really make sense currently to not store a password with a saved login. Perhaps you could use a dummy password value?

However, I'll leave this suggestion on file for consideration as we plan our next steps.

Thanks for your message. Unfortunately, this proposal isn't particularly convenient, as adding many addresses/logins/passwords manually through Lockwise is quite cumbersome. It is slightly easier to do it straight from the website in question while logging in. But then, this means activating the storage of logins/passwords, recording a false login/password combination, and then entering the right combination while refusing to overwrite the existing password.

I see how the current system was designed primarily with passwords in mind, but I would argue that a number of privacy-minded folks would appreciate an easy way to store either their logins or their passwords, but not necessarily both. From this perspective, it would be good for Lockwise to allow the storage of just one of those two elements, as well as to allow users to choose whether they wish to record logins and/or passwords when they browse, and not necessarily both. For all I care, this can be an option in about:config (and not something easily available to all), as long as there is a way to tell the browser only to record logins and not passwords. I hope this makes sense. It would go a long way in making logging in easier (especially with hundreds of emails/logins for hundreds of different websites).

Storing the username only is a very effective protection against phishing. This is defintively a must have.
Having to enter a fake password is a real annoyance.