Menu
I need to stop browsers from storing the username & password values, because I'm working on a web application which contains more secure data. My client asked me to do this.
I tried the autocomplete="off" attribute in the HTML form and password fields. But it is not working in the latest browsers like Chrome 55, Firefox 38+, Internet Explorer 11, etc.
What is the best solution for this?
322
Chrome. Click the Chrome menu in the toolbar and choose Settings. Click Passwords. Turn off Offer to save passwords.
Experts warn against storing passwords in Chrome after hackers target remote workers. Hackers are preying on people working from home for passwords stored in web browsers, experts claim. Keeping passwords saved in the likes of Chrome and Edge is pretty common practice and usually considered quite safe.
The Browser Security RiskThis database of passwords stored in your browser is not as secure as you might think. Depending on the browser, if hackers gained access to your computer, they could actually extract the contents of the database – and get access to ALL your private logins.
Thank you for giving a reply to me. I followed the below link
Disable browser 'Save Password' functionality
I resolved the issue by just adding readonly & onfocus="this.removeAttribute('readonly');" attributes besides autocomplete="off" to the inputs as shown below.
<input type="text" name="UserName" autocomplete="off" readonly onfocus="this.removeAttribute('readonly');" > <input type="password" name="Password" autocomplete="off" readonly onfocus="this.removeAttribute('readonly');" > This is working fine for me.
79
Trying to prevent the browser from storing passwords is not a recommended thing to do. There are some workarounds that can do it, but modern browsers do not provide this feature out-of-the-box and for good reason. Modern browsers store passwords in password managers in order to enable users to use stronger passwords than they would usually.
As explained by MDN: How to Turn Off Form Autocompletion:
Modern browsers implement integrated password management: when the user enters a username and password for a site, the browser offers to remember it for the user. When the user visits the site again, the browser autofills the login fields with the stored values.
Additionally, the browser enables the user to choose a master password that the browser will use to encrypt stored login details.
Even without a master password, in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise.
For this reason, many modern browsers do not support
autocomplete="off"for login fields:
If a site sets
autocomplete="off"for a form, and the form includes username and password input fields, then the browser will still offer to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.If a site sets
autocomplete="off"for username and password input fields, then the browser will still offer to remember this login, and if the user agrees, the browser will autofill those fields the next time the user visits the page.This is the behavior in Firefox (since version 38), Google Chrome (since 34), and Internet Explorer (since version 11).
If an author would like to prevent the autofilling of password fields in user management pages where a user can specify a new password for someone other than themself,
autocomplete="new-password"should be specified, though support for this has not been implemented in all browsers yet.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
