-1

I am creating a web application which has a Login feature included.

I am aware of chrome extensions which allow the auto filling of credentials, such as "LastPass".

I really dislike seeing this feature which I believe is a security issue.

Is there anyway I can disable extensions like that from functioning on my website?

halfer
  • 18,701
  • 13
  • 79
  • 158
user3495256
  • 153
  • 1
  • 12
  • 1
    possible duplicate of [Disabling Chrome Autofill](http://stackoverflow.com/questions/15738259/disabling-chrome-autofill) – Mario Mar 08 '15 at 17:57
  • 3
    The solution is don't. It's the users computer and they can install the extensions they want. – abraham Mar 08 '15 at 18:40
  • Programs like LastPass and 1Password generally encourage users toward better passwords, often randomly-generated, and using different passwords per site. What are the security issues you have in mind? (Also, bear in mind that these programs can still be used to store the password to your site; you'll just be annoying the users by making them have to type/paste them in manually.) – Matt Gibson Mar 08 '15 at 19:03

1 Answers1

1

In general, this is impossible.

First off, you can't prevent an extension from executing a Content Script on your site.

Second, there are both standard and hacky ways of disabling autofill, but those extensions are specifically designed to bypass as many of those restrictions as possible, trying to guess what the real fields to remember are. This is an escalating arms race, and you don't want to get involved.

Lastly, comments raise a valid point - this is client software (browser configured in a certain way) talking to your server. How that client software works is not your concern, and not in your control. What if by using tricks to confuse autofillers you are seriously hurting accessibility of your site? What if you're annoying users?

Community
  • 1
  • 1
Xan
  • 66,873
  • 13
  • 150
  • 174