Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Disable browser 'Save Password' functionality

One of the joys of working for a government healthcare agency is having to deal with all of the paranoia around dealing with PHI (Protected Health Information). Don't get me wrong, I'm all for doing everything possible to protect people's personal information (health, financial, surfing habits, etc.), but sometimes people get a little too jumpy.

Case in point: One of our state customers recently found out that the browser provides the handy feature to save your password. We all know that it has been there for a while and is completely optional and is up to the end user to decide whether or not it is a smart decision to use or not. However, there is a bit of an uproar at the moment and we are being demanded to find a way to disable that functionality for our site.

Question: Is there a way for a site to tell the browser not to offer to remember passwords? I've been around web development a long time but don't know that I have come across that before.

Any help is appreciated.

like image 740
mattsmith321 Avatar asked Aug 28 '08 14:08

mattsmith321


People also ask

How do I stop my browser from asking to save Passwords?

To stop Chrome from asking to save your passwords: Open Chrome, then tap and choose Settings. Tap Passwords. Turn off “Save passwords”.

What does do not allow autocomplete to save Passwords?

Tap on the three dot menu icon. Tap Settings. Tap Save passwords. Slide Save passwords off.


1 Answers

I'm not sure if it'll work in all browsers but you should try setting autocomplete="off" on the form.

<form id="loginForm" action="login.cgi" method="post" autocomplete="off"> 

The easiest and simplest way to disable Form and Password storage prompts and prevent form data from being cached in session history is to use the autocomplete form element attribute with value "off".

From https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

Some minor research shows that this works in IE to but I'll leave no guarantees ;)

@Joseph: If it's a strict requirement to pass XHTML validation with the actual markup (don't know why it would be though) you could theoretically add this attribute with javascript afterwards but then users with js disabled (probably a neglectable amount of your userbase or zero if your site requires js) will still have their passwords saved.

Example with jQuery:

$('#loginForm').attr('autocomplete', 'off'); 
like image 97
Markus Olsson Avatar answered Nov 25 '22 03:11

Markus Olsson