Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add new UndecryptablePasswords study #1165

Merged
merged 1 commit into from
Aug 10, 2024
Merged

Add new UndecryptablePasswords study #1165

merged 1 commit into from
Aug 10, 2024

Conversation

bsclifton
Copy link
Member

Enables the SkipUndecryptablePasswords feature to help users who are not able to see their logins in brave://password-manager/passwords

Fixes #1164

Main issue tracked with brave/brave-browser#33548

@bsclifton bsclifton self-assigned this Aug 8, 2024
@bsclifton bsclifton requested a review from a team as a code owner August 8, 2024 06:48
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 8, 2024
edited
Loading

✅ Test Seed Generated Successfully

To apply the test seed:

  1. Desktop: Launch the browser with --variations-pr=1165.
    Android: Set the command line to --variations-pr=1165 in debug menu, restart the browser.
    iOS: Set Variations PR to 1165 in Brave Core Switches debug menu, restart the browser.
  2. Wait 5-10 seconds to fetch the seed.
  3. Restart the browser to apply the seed.
  4. Ensure Active Variations section at brave://version starts with the expected seed version (see below).

Seed Details

Parameter Value
Version pull/1165@1004b2a3b3913b382683c993bc6bcfbbc133d090
Uploaded Thu, 08 Aug 2024 20:57:57 GMT
PR commit a7e0f9a
Base commit 4f91a05
Merge commit 1004b2a
Serial number 495c23b591d66492e548d6fd168f255a

@bsclifton bsclifton changed the title Add new UndecryptablePasswords study Add new UndecryptablePasswords study [staging] Aug 8, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 8, 2024

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "password, login" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.

szilardszaloki
szilardszaloki reviewed Aug 8, 2024
View reviewed changes
seed/seed.json Outdated Show resolved Hide resolved
@bsclifton bsclifton mentioned this pull request Aug 8, 2024
Merged
24 tasks
@goodov goodov changed the title Add new UndecryptablePasswords study [staging] Add new UndecryptablePasswords study Aug 8, 2024
@bsclifton
Add new UndecryptablePasswords study
a7e0f9a 
Enables the `SkipUndecryptablePasswords` feature to help users who
are not able to see their logins in brave://password-manager/passwords

Fixes #1164

Main issue tracked with brave/brave-browser#33548
@bsclifton bsclifton force-pushed the undecryptable-passwords branch from 026032c to a7e0f9a Compare August 8, 2024 20:56
@bsclifton bsclifton enabled auto-merge August 10, 2024 02:03
@bsclifton bsclifton disabled auto-merge August 10, 2024 18:01
@bsclifton bsclifton merged commit 8c46a2f into main Aug 10, 2024
5 checks passed
@bsclifton bsclifton deleted the undecryptable-passwords branch August 10, 2024 18:02
@kjozwiak
Copy link
Member

kjozwiak commented Aug 10, 2024
edited
Loading

Looks like we pushed out the above without verifying the actual study. Looks like @LaurenWags checked brave/brave-core#25040 via brave/brave-core#25040 (comment) & brave/brave-core#25040 (comment) so we at least didn't merge/push into production blindly.

@bsclifton
Copy link
Member Author

Just for clarification - we've been using the work-around (via CLI; but exact same code) internally since 127 launched.
--enable-features=SkipUndecryptablePasswords

Folks helping on Community have been recommending the same one since then too - we've had a ton of Community threads and Reddit posts.

Chrome has been live with the exact same feature since Jul 25 (although they did enabled the ClearUndecryptablePasswordsInSync one; which @szilardszaloki and I think is too risky)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@szilardszaloki szilardszaloki szilardszaloki approved these changes

@bbondy bbondy bbondy approved these changes

Assignees

@thypon thypon

@bsclifton bsclifton

@bcaller bcaller

Labels
needs-security-review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create UndecryptablePasswords study to help users w/ missing logins
6 participants
@bsclifton @kjozwiak @bbondy @szilardszaloki @thypon @bcaller