Menu
Reply
Highlighted
  • 3.35K
  • 189
  • 545
chenks
Wise owl
247 Views
Message 1 of 1
Flag for a moderator

for the web developers amongst us - browsers offering to save login details

any web developers here?

it seems every browser nowadays wants to "help" the user by prompting to save the username and password when logging into a website.
great for the lazy end-user, but bad for forcing people to actually log in properly each time, and bad for enforcing password changes when the end-user forgets their password because the browser is entering it for them.

we have some website here where we are enforcing regular password changes, and due to the end-user happily clicking "yes" when chrome asks them to save the details it means every 30 days the end-user not remembering the password they chose.

so i've been looking at some code to try and block the browser prompting this. it seems that the original method of "autocomplete=off" is no longer correctly honoured by "modern" browsers, most simpy ignore it.

so a method i saw was the hide the real form fields so the browser didn't see them a a login attempt, and the method i saw and tried works with Chrome, Opera and internet explorer, but not sodding Firefox!!


also, this method appears to shows the actuall password text in the browser.

<input type="text" id="username" name="username"/>
<input type="password" id="password" name="password"/>

<form id="theForm" action="/your/login" method="post">
  <input type="hidden" id="hiddenUsername" name="username"/>
  <input type="hidden" id="hiddenPassword" name="password"/>
  <input type="submit" value="Login"/>
</form>

<script type="text/javascript" language="JavaScript">
  $("#theForm").submit(function() {
    $("#hiddenUsername").val($("#username").val());
    $("#hiddenPassword").val($("#password").val());
  });
  $("#username,#password").keypress(function(e) {
    if (e.which == 13) {
      $("#theForm").submit();
    }
  });
</script>


so has anyone come up with a solid method that works in all browsers that doesn't result in weaker security?

0 Kudos
Reply