W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2014

RE: Passsword managers and autocomplete='off'

From: Adrian Bateman <adrianba@microsoft.com>
Date: Fri, 3 Jan 2014 23:07:42 +0000
To: Jonas Sicking <jonas@sicking.cc>, Joel Weinberger <jww@chromium.org>
CC: Webapps WG <public-webapps@w3.org>
Message-ID: <3134dd946dab4c7b96483b5b72c1edbc@BL2PR03MB604.namprd03.prod.outlook.com>
On Thursday, December 12, 2013 1:57 PM, Jonas Sicking wrote:
> On Thu, Dec 12, 2013 at 1:45 PM, Joel Weinberger <jww@chromium.org> wrote:
> >> But it would suck if the result is that they create their own form
> >> fields using <div>s and/or contenteditable.
> >
> > That's true, although some things like that are already pretty prevalent so
> > we've come up with decent heuristics for detecting them. In the end, though,
> > they always can try obfuscation, but we think that this will, in fact,
> > benefit their users.
> Whether it benefits users or not is unfortunately less relevant than
> whether websites thinks that it benefits users. Since if they don't
> think it does, we'll end up in an escalating war of browsers and
> websites working around each other.
> >> Reaching out to banks might be good. Is that something you've looked at?
> >
> > Yes, we're definitely doing that. From our perspective, we'd be happy with
> > making the switch today, but we're trying to be good netizens and (a) give
> > fair warning, and (b) make sure we're not missing something critical.
> I'd be very interested in hearing what feedback you get. If we knew
> that banks were onboard with whatever is proposed, that would
> definitely make us more comfortable with deploying the same solution.

We agree with this approach. In IE11, we decided to stop supporting [1] the
autocomplete attribute with <input type=password> in order that we could offer
password management for more authentication forms. We never store passwords
without the user choosing to allow this when prompted for a specific site.

We haven't heard any significant negative feedback so far.



[1] http://msdn.microsoft.com/en-us/library/ie/ms533486
Received on Friday, 3 January 2014 23:08:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:56:03 UTC