NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: CaseyR on March 30, 2018, 10:37:09 AM

Title: Turning off password autocomplete by browser
Post by: CaseyR on March 30, 2018, 10:37:09 AM

It seems that most browsers are now retrieving last used passwords and usernames automatically.  Which strikes me as a significant internal security risk.  I have previously given administrators the option of allowing 'Remember me' on login forms, but that seems to be irrelevant now.  Is there any way to instruct the browser not to save or retrieve passwords on a particular page?

Thanks.

Title: Re: Turning off password autocomplete by browser
Post by: Bruce on April 09, 2018, 10:57:35 PM

Hi Casey,

>> It seems that most browsers are now retrieving last used passwords and usernames automatically.

no, not automatically. It offers the user the option to save the password, or not. So the user makes a decision based on the machine they are on. for example on my desktop machine I want that feature to work well, at a shared machine in the library I don't save it, and so on.

This becomes especially important on mobile devices, like tablets and phones, that don't have a keyboard, because entering passwords on those can be painful. By storing the passwords where appropriate it allows the user to use longer, more random, passwords which is a security gain.

see here for more;
https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields

cheers
Bruce

Title: Re: Turning off password autocomplete by browser
Post by: CaseyR on April 10, 2018, 10:42:35 AM

Thanks, Bruce

Than makes things simpler at least.