Closed
Bug 904092
Opened 11 years ago
Closed 11 years ago
autocomplete=off for login forms
Categories
(Toolkit :: Password Manager, enhancement)
Toolkit
Password Manager
Tracking
()
RESOLVED
DUPLICATE
of bug 245333
People
(Reporter: adrian, Unassigned)
Details
Currently Firefox honors autocomplete=off for any form, including login forms, even if the password manager is protected with a master password.
While the reasoning behind this is somewhat understandable (banks being jerks and threatening to block firefox) I doubt it's still relevant nowadays - firefox is widespread enough so it's unlikely that a bank will block it for allowing users to save login credentials.
However, this use-case aside, the attribute is abused nowadays and sites where there is not a single acceptable reason to use it add it to their login for. One place where I noticed it is Gearbox Shift (https://login.shift.gearboxsoftware.com/login), a GAMING related site where you cannot even buy things or do ANYTHING else that's actually harmful.
Obviously I can remove the attribute using the developer tools but this is annoying even though it only need to be done once per site.
For this reason I think the autocomplete=off handling should be reconsidered when the password manager is involved. Some possible options would be:
- Completely ignore autocomplete=off for login forms.
- Completely ignore it but only if a master password is set. For enhanced security, the master password could be prompted again to actually autocomplete the password for that form (should have an about:config option though).
- When autocomplete=off is set, show a different "save password?" prompt. It could mention that the site discourages saving the password and ask the user if he really wants to do so.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Component: General → Password Manager
Product: Firefox → Toolkit
Resolution: --- → FIXED
Version: unspecified → Trunk
Comment 2•11 years ago
|
||
Yes, this is a dupe of the first bug that Loic mentioned. Discussing revisiting this behaviour would happen on https://mail.mozilla.org/listinfo/firefox-dev
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•