We cannot detect if your account was created, please ensure you have cookies enabled

Did you use a password manager to pick your password?

I didn’t. I made my own password.

Are you able to reproduce the issue? If so what specific browser are you using?

Only in the case of manually initiating the “suggest me a password” scenario, though.

image.png1097×615 52.8 KB

This does NOT happen with typical Chrome password saves. I guess that’s stronger evidence that it is a bug in Chrome, specific to this manually right-click initiated suggest step at the time of new account creation?

Yes @riking updated the bug report to

Discourse forums broken by Chrome password generator

which definitely is correct in my testing.

Also note that this “suggest” option will not appear at all if you already have saved passwords for the domain. That makes it a pain to test, since you have to pick a Discourse at a domain you’ve never logged in to – or delete all your saved passwords for that domain.

I just created an account on this site, in Chrome, with zero issues whatsoever @sam.

I also logged out and logged in using the saved Chrome password with zero issues whatsoever.

So to be 100% clear, this bug is specific to “suggest password” in Chrome. At least if, like me, you run Chrome with stock defaults…

And also the “let chrome generate a password for you” popup box that only appears based on weird heuristics and disappears if you click in the wrong place and probably also experiment flags and also as a weird bar on mobile…

The right click is a reliable way of triggering the functionality, though.

What would you like done here? I am fairly confident I can drop the honeypot and replace it with a scheme that will be equally annoying to script kiddies

How can we quickly disable this mechanism for our site? This is the main question that worries me on the eve of the mass invitation of our partners. We could disable it until the official hotfix comes out.

P.S.: just as an idea, you could make the current algorithm optional

Nothing is necessary, per the repro the bug is in Chrome password suggestor. Best thing is for them to fix it.

Hello! I’m still wondering how we can disable this functionality right now?

You need a theme component, I recommend posting on #marketplace

Can you post instructions on how to disable this? I can make a plugin for it since we need to fix it on our instance. We are using Discourse as SSO provider and not letting our users register pretty much leaves them out of our whole infrastructure.

It doesn’t need to be a plugin.

I can write code to fix it, if that sounds better

This is a very nasty issue, users are not able to sign up. There must be some fix

I am afraid I am closing this for at least 3 more weeks to let Google have a chance at fixing this.

I hear that people are frustrated. @codinghorror’s call here is Chrome password generator is broken, Google should fix Chrome. Discourse is refusing to add a switch or setting for Discourse core unless we have actual customers that push us.

If you want to work around this it would be a 10 line theme component. Probably less.

That is … less letters than this actual post.

If you really want said theme component, post on #marketplace and I guarantee someone will build it. It would take me 15-20 minutes to build the component. Place a $2000 bounty on it I can guarantee someone will be keen to get $2000 an hour.

This topic was automatically opened after 21 days.

Im having this issue on a site i set up, figured it was me since im an amateur.

If im following correctly its been figured out but the developer wants 2k for a ten line fix or we can wait to see if Google changes their ways based on this vague issue? Does anyone have a likelihood or timeline of a resolution?

Thank you.

I didn’t read it that way. He just said if you offer $2,000 then a developer will be motivated to quickly provide a workaround Google’s Chrome bug. But nobody has offered anything to get an estimate or quote, or even tried to crowdsource this.

The Discourse team aren’t actually planning to provide a workaround for this Chrome bug unless their paying customers need it. So to take up this option might only be $1,200 ($100 per month) for a year of Discourse hosting (less possible discounts for educational, not for profit and open source sites).

The problem only occurs when “Suggest password” is selected. Maybe the envisaged solution is to remove/hide that option on the menu using a theme component.