Re: Passsword managers and autocomplete='off'

On Thu, Dec 12, 2013 at 1:45 PM, Joel Weinberger <> wrote:
>> But it would suck if the result is that they create their own form
>> fields using <div>s and/or contenteditable.
> That's true, although some things like that are already pretty prevalent so
> we've come up with decent heuristics for detecting them. In the end, though,
> they always can try obfuscation, but we think that this will, in fact,
> benefit their users.

Whether it benefits users or not is unfortunately less relevant than
whether websites thinks that it benefits users. Since if they don't
think it does, we'll end up in an escalating war of browsers and
websites working around each other.

>> Reaching out to banks might be good. Is that something you've looked at?
> Yes, we're definitely doing that. From our perspective, we'd be happy with
> making the switch today, but we're trying to be good netizens and (a) give
> fair warning, and (b) make sure we're not missing something critical.

I'd be very interested in hearing what feedback you get. If we knew
that banks were onboard with whatever is proposed, that would
definitely make us more comfortable with deploying the same solution.

/ Jonas

Received on Thursday, 12 December 2013 21:58:18 UTC