Re: [whatwg] Password managers ignoring autocomplete='off' harming security from Peter Kasting on 2014-10-02 (public-whatwg-archive@w3.org from October 2014)

From: Peter Kasting <pkasting@google.com>
Date: Wed, 1 Oct 2014 18:16:39 -0700
To: Dan Poltawski <dan@moodle.com>
Cc: WHATWG <whatwg@lists.whatwg.org>, Gavin Sharp <gavin@gavinsharp.com>
Message-ID: <CAAHOzFDb2EZUpkFQ47RcgY8xtWnvUyGM8Eu4ewhrTyeWiLPYDg@mail.gmail.com>

On Wed, Oct 1, 2014 at 6:12 PM, Dan Poltawski <dan@moodle.com> wrote:

> Note a more traditional example of this which might affect more sites
> is something like a 'create new user' form where the password would be
> erroneously set to the password of the user who is creating the
> accounts.

I know the Chrome password folks considered that specific case, but I'll
have to let them speak to how they addressed it.

PK

Received on Thursday, 2 October 2014 01:17:03 UTC