- From: Dan Poltawski <dan@moodle.com>
- Date: Wed, 1 Oct 2014 20:19:39 +0100
- To: whatwg@lists.whatwg.org
Hi All, Over the past few months all the browser vendors have moved towards ignoring autocomplete="off" with password fields. I understand the rationale behind this, but in our software project this has lead to the frustrating situation where we seem to have no good option to deal with this and the change is actively harming the security of our users. To outline the situation in broad terms: * We have shared secrets on the page which we protect against shoulder surfing by using the password element with autocomplete="off" * The password managers are now all auto-filling these fields with passwords on the same domain and in many cases without the user even noticing (optional fields they wouldn't look at) * The passwords then get stored in our shared-secret fields clear text and available to all their peers * This can then be used for privilege escalation etc It seems like our only option is avoid use of password field at all and invent our own 'fake' password field to protect our users passwords from being exposed. That seems like a really disappointing solution. (Apologies in advance if this is completely off-list, I saw some threads leading to this list and it wasn't clear to me if this sort of discussion was acceptable). cheers, Dan
Received on Wednesday, 1 October 2014 19:20:24 UTC