[Info-vax] OT: Autocomplete username/password

Jan-Erik Soderholm jan-erik.soderholm at telia.com
Wed May 13 08:36:14 EDT 2015


pieter.spoelstra at portavita.nl wrote on 2015-05-13 13:40:
> I've read the bug discussion, but I don't understand it.
>
> Where's the safety in this, allowing autocomplete as default. Currently
> I'm working in a project where 2 factor authentication is introduced. So
> if username and password are simplified by autocomplete, it makes 2FA
> weaker.
>

That is right. If someone else gets their hands on an *already
logged-in* laptop, they can open up some random site and "autologin".

But the only change in this bug report is that the site itself
can't disable autologin, if the user has disabled that in the
config. For sites that don't set that flag (don't care),
there is no change at all (for the user).

Note also that they in several places refer to this change as
to make this work as in all other browsers.

In the case of 2 factor authentication, the site can usually never
know anyway if the password was autocompleted. The site can
request that it should not be, and the change is that the user
can config their browser to "listen" to that request or not.

B.t.w, are there not also 3rd party plugins that also do this
kind of "form completions"?

Jan-Erik.




