W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2005

[whatwg] [WF2] Objection to autocomplete Attribute

From: Ian Hickson <ian@hixie.ch>
Date: Wed, 30 Mar 2005 12:03:44 +0000 (UTC)
Message-ID: <Pine.LNX.4.61.0503301159020.25644@dhalsim.dreamhost.com>
On Wed, 30 Mar 2005, Lachlan Hunt wrote:
> > > > 
> > > > My bank uses one-shot passwords for web access
> 
> How does that work?  Are you issued a new password every single time you 
> login? How on earth do you remember it if it's always changing?

Instead of a password, the bank issues you with a hardware device that 
computes a one-time password that changes every minute.

To be honest, the fact that there are still banks that use PIN codes or 
passwords for Web-based access is frightening. I had rather assumed that 
there were no banks left that still did that. Certainly it has been years 
since I got an account with a bank that didn't use password generator 
devices.


> > > Which seems to be an ideal use-case for the autocomplete 
> > > attribute...
> > 
> > Indeed, I've recently asked one of my banks to add autocomplete=off 
> > because there is no point in having the browser asking users if it 
> > should remember a once-only password :-)
> 
> That's why user's can select "Never for this site" (or equivalent), so 
> they're not prompted each time.

Having the site just do it seems like better UI to me.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 30 March 2005 04:03:44 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:39 UTC