One of the joys of working for a government healthcare agency is having to deal with all of the paranoia around dealing with PHI (Protected Health Information). Don\'t get m
You can prevent the browser from matching the forms up by randomizing the name used for the password field on each show. Then the browser sees a password for the same the url, but can't be sure it's the same password. Maybe it's controlling something else.
Update: note that this should be in addition to using autocomplete or other tactics, not a replacement for them, for the reasons indicated by others.
Also note that this will only prevent the browser from auto-completing the password. It won't prevent it from storing the password in whatever level of arbitrary security the browser chooses to use.
Not really - the only thing you could realistically do is offer advice on the site; maybe, before their first time signing in, you could show them a form with information indicating that it is not recommended that they allow the browser to store the password.
Then the user will immediately follow the advice, write down the password on a post-it note and tape it to their monitor.
if autocomplete="off" is not working...remove the form tag and use a div tag instead, then pass the form values using jquery to the server. This worked for me.
Because autocomplete="off" does not work for password fields, one must rely on javascript. Here's a simple solution based on answers found here.
Add the attribute data-password-autocomplete="off" to your password field:
<input type="password" data-password-autocomplete="off">
Include the following JS:
$(function(){
$('[data-password-autocomplete="off"]').each(function() {
$(this).prop('type', 'text');
$('<input type="password"/>').hide().insertBefore(this);
$(this).focus(function() {
$(this).prop('type', 'password');
});
});
});
This solution works for both Chrome and FF.
The cleanest way is to use autocomplete="off"
tag attribute but
Firefox does not properly obey it when you switch fields with Tab.
The only way you could stop this is to add a fake hidden password field which tricks the browser to populate the password there.
<input type="text" id="username" name="username"/>
<input type="password" id="prevent_autofill" autocomplete="off" style="display:none" tabindex="-1" />
<input type="password" id="password" autocomplete="off" name="password"/>
It is an ugly hack, because you change the browser behavior, which should be considered bad practice. Use it only if you really need it.
Note: this will effectively stop password autofill, because FF will "save" the value of #prevent_autofill
(which is empty) and will try to populate any saved passwords there, as it always uses the first type="password"
input it finds in DOM after the respective "username" input.
I tried above autocomplete="off"
and yet anything successful. if you are using angular js my recommendation is to go with button and the ng-click.
<button type="button" class="" ng-click="vm.login()" />
This already have a accepted answer im adding this if someone cant solve the problem with the accepted answer he can go with my mechanism.
Thanks for the question and the answers.