- From: Mikko Rantalainen <mikko.rantalainen@peda.net>
- Date: Tue, 29 Mar 2005 14:06:35 +0300
James Graham wrote:
> Mikko Rantalainen wrote:
>
>> My bank uses one-shot passwords for web access
>
> Which seems to be an ideal use-case for the autocomplete attribute...

But in this case, the autocomplete isn't a *security* feature (though my point is, it should never be considered a security feature). Instead, it's an enhancement (the UA will not store or incorrectly suggest an old value as valid input) and it should make no difference to the bank if the UA supports that feature or not. No support means a lesser user experience in this case, but there's no security tradeoff.

Banks that *require* that the UA supports autocomplete don't really understand the problem. (Or they understand the problem but don't want to fix it; instead they simply try to hide the problem.)

WF2 shouldn't require UAs to support this feature. Just a note that some institutions insanely want this feature is enough.

--
Mikko
Received on Tuesday, 29 March 2005 03:06:35 UTC