Modern browsers save passwords. Which criteria affect this decision?
Background:
I have a registration page with the following form:
    <form action="/BlaBla/Account/Register" method="post">
    <div>
        <fieldset>
            <legend>Account Information</legend>
            <p>
                <label for="username">
                    Username:</label>
                <input id="username" name="username" type="text" value="" />
            </p>
            <p>
                <label for="email">
                    Email:</label>
                <input id="email" name="email" type="text" value="" />
            </p>
            <p>
                <label for="invitationCode">
                    Invitation Code:</label>
                <input id="invitationCode" name="invitationCode" type="text" value="" />
            </p>
            <p>
                <label for="securityQuestion">
                    Security question:</label>
                <input id="securityQuestion" name="securityQuestion" type="text" value="" />
            </p>
            <p>
                <label for="securityAnswer">
                    Security answer:</label>
                <input id="securityAnswer" name="securityAnswer" type="text" value="" />
            </p>
            <p>
                <label for="password">
                    Password:</label>
                <input id="password" name="password" type="password" />
            </p>
            <p>
                <label for="confirmPassword">
                    Confirm password:</label>
                <input id="confirmPassword" name="confirmPassword" type="password" />
            </p>
            <p class="buttons">
                <input type="submit" value="Register" />
            </p>
        </fieldset>
    </div>
    </form>
Mozilla seems to think that the fields securityAnswer and password are the user/pw fields, with awkward consequences (security answer stored as username is bad).
All modern web browsers come with a built-in password manager that offers to store your login credentials, with varying degrees of security encryption. For instance, user passwords on Chrome are protected by AES encryption, and the encryption key is secured by a separate API, which is the Windows Data Protection API.
The encrypted passwords are stored in a sqlite database located at "%APPDATA%\.. \Local\Google\Chrome\User Data\Default\Login Data".
Note: Any forms involving sensitive information like passwords (such as login forms) should be served over HTTPS. Many browsers now implement mechanisms to warn against insecure login forms; see Insecure passwords.
I'd guess it assumes the field above 'password' is the username. You could try re-ordering them.
Also, Internet Explorer's "remember password" feature doesn't remember your passwords if you have more than 2 fields in your form.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With