W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2005

[whatwg] [WF2] Objection to autocomplete Attribute

From: Mikko Rantalainen <mikko.rantalainen@peda.net>
Date: Tue, 29 Mar 2005 14:06:35 +0300
Message-ID: <424936BB.1030801@peda.net>
James Graham wrote:
> Mikko Rantalainen wrote:
> 
>>My bank uses one-shot passwords for web access
> 
> Which seems to be an ideal use-case for the autocomplete attribute...

But in this case, the autocomplete isn't a *security* feature 
(though my point is, it should never be considered a security 
feature). Instead, it's an enchancement (UA will not store or 
incorrectly suggest old value as valid input) and it should make no 
difference to bank if UA supports that feature or not. No support 
means lesser user experience in this case but there's no security 
tradeoff.

Banks that *require* that UA supports autocomplete don't really 
understand the problem. (Or they understand the problem but don't 
want to fix it, instead they simply try to hide the problem.)

WF2 shouldn't require UAs to support this feature. Just a note that 
some institutions insanely want this feature is enough.

-- 
Mikko
Received on Tuesday, 29 March 2005 03:06:35 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:39 UTC