Turning off password autocomplete by browser

[CaseyR]

It seems that most browsers are now retrieving last used passwords and usernames automatically.  Which strikes me as a significant internal security risk.  I have previously given administrators the option of allowing 'Remember me' on login forms, but that seems to be irrelevant now.  Is there any way to instruct the browser not to save or retrieve passwords on a particular page?

Thanks.

[Bruce]

Hi Casey,

>> It seems that most browsers are now retrieving last used passwords and usernames automatically.

no, not automatically. It offers the user the option to save the password, or not. So the user makes a decision based on the machine they are on. for example on my desktop machine I want that feature to work well, at a shared machine in the library I don't save it, and so on.

This becomes especially important on mobile devices, like tablets and phones, that don't have a keyboard, because entering passwords on those can be painful. By storing the passwords where appropriate it allows the user to use longer, more random, passwords which is a security gain.

see here for more;
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields

cheers
Bruce

[CaseyR]

Thanks, Bruce

Than makes things simpler at least.