"Please confirm which user you are changing the password for"

Question

So I just made a change password form for my rails app. It's just like any other very typical password change form.

So after a few times testing it out I started seeing a popup box saying

"Please confirm which user you are changing the password for"

Now this really freaked me out a bit since I know I did not write any code to do such things and I definitely do not want users to change other users' passwords.

I soon found out it was firefox's password manager. So now I'm calmed down about it, but still, I don't want this to happen to other people using my site.

How does firefox know it's changing a password anyways? Maybe it's the names of my password fields or maybe even my forms action url (/account/change_password)? Is there a way to make it not do this? Has anyone else had experience with this?

Answer 1

Users of our site will only see this error if they login with multiple accounts. I would not make a change to your application based on this behavior from firefox.

Answer 2

When users of your site log in for the first time, Firefox will ask the user whether they want to save the password or not. If they say yes, the password is saved.

Now, if the user changes their password on your site, Firefox will not know about it immediately. But when the user logs in with the new password, Firefox will recognize that the password you entered is not what it has on file. So it asks if you want to save that password.

Say the user has two accounts on your site now and they change the password to one of them. When they go to log in with that user and Firefox tries to update its records, it may ask "which user are you changing the password for?"

This is client-side functionality and isn't something you can really change. The user has chosen a browser that keeps track of their accounts and it's not something you can prevent.