1

So, once more the autocomplete story.. I have read the old posts, googled my ass off and this is my last resort.
Everywhere you look people are stating to use autocomplete="off" to prevent your browser from prompting to save passwords. Specially now that HTML5 has accepted it in its standards.

Unfortunately that doesn't quite work in chrome atleast

<form method="POST" action="<whateverlink>" accept-charset="UTF-8" autocomplete="off">

This does not prevent the browser prompting to store my credentials.

  • I tried emptying the fields after building up the page, no avail.
  • I tried the autocomplete="off"
  • I tried removing the outerHTML trick
  • I tried to add autocomplete="off" to all inputs through jquery after the page loaded

I know theres a trick to overwrite the background with a solid color, but seeing as I am using a gradient on my forms it still looks ugly as heck using that trick.

Google has been discussing this for years and finally they have made it so that the text color also changes.. thats something..

Reason for not letting this go is two fold.
1. its ugly as heck compared to the rest of my beautiful form
2. its convenient enough to remember usernames, why even have passwords if you're going to store them anyways..

Again sorry for starting about this subject again, the title "the everlasting story" is quite fitting hehe

Chrome Version 34.0.1847.131 m
It states its up to date :)

Pwnball
  • 611
  • 2
  • 7
  • 13
  • there's a double quote missing at the end of
    – a.benain Apr 30 '14 at 12:08
  • Have a look at this answer: http://stackoverflow.com/a/218453/1835379 – Cerbrus Apr 30 '14 at 12:10
  • Ahh good catch, but no that was just a type on stackoverflow, its not missing in my actual code :D – Pwnball Apr 30 '14 at 12:10
  • @Cerbrus guess I'm going to end up storing the actual data in seperate fields just to fool the browser.. It amazes me how many people support storing passwords because its convenient for users.. seems like a fools choice to me. I am all for convenience and storing the username is great, but why chrome feels the neccity to break athestics of a website just to notify a user fields are auto filled in and why people are so keen on storing passwords.. I will never understand :) – Pwnball Apr 30 '14 at 12:14
  • People store passwords because it's convenient, and because they consider the security on their computer sufficient for their needs. Whether they are correct on that consideration or not is another matter :) – Tim B Apr 30 '14 at 12:26

1 Answers1

1

For future references for people also brought to their knees by this issue.

It seems that the workaround works and requires minimal effort + works on any browser out there..

On my login form I have added a field with these specs:

  • display:none
  • type="password"
  • name="

Before actually submitting the form I am emptying the password field and copying its values to the "display:none" password type field with a name other than password. This throws the browser off and he does not attempt to store the password!

Thanks to Cerbrus for pointing me in that direction!

Pwnball
  • 611
  • 2
  • 7
  • 13