NetTalk Central

Author Topic: Turning off password autocomplete by browser  (Read 4319 times)

CaseyR

  • Sr. Member
  • ****
  • Posts: 448
    • View Profile
    • Email
Turning off password autocomplete by browser
« on: March 30, 2018, 10:37:09 AM »
It seems that most browsers are now retrieving last used passwords and usernames automatically.  Which strikes me as a significant internal security risk.  I have previously given administrators the option of allowing 'Remember me' on login forms, but that seems to be irrelevant now.  Is there any way to instruct the browser not to save or retrieve passwords on a particular page?

Thanks.

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11251
    • View Profile
Re: Turning off password autocomplete by browser
« Reply #1 on: April 09, 2018, 10:57:35 PM »
Hi Casey,

>> It seems that most browsers are now retrieving last used passwords and usernames automatically.

no, not automatically. It offers the user the option to save the password, or not. So the user makes a decision based on the machine they are on. for example on my desktop machine I want that feature to work well, at a shared machine in the library I don't save it, and so on.

This becomes especially important on mobile devices, like tablets and phones, that don't have a keyboard, because entering passwords on those can be painful. By storing the passwords where appropriate it allows the user to use longer, more random, passwords which is a security gain.

see here for more;
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields

cheers
Bruce




CaseyR

  • Sr. Member
  • ****
  • Posts: 448
    • View Profile
    • Email
Re: Turning off password autocomplete by browser
« Reply #2 on: April 10, 2018, 10:42:35 AM »
Thanks, Bruce

Than makes things simpler at least.