Disable browser 'Save Password' functionality

前端 未结 30 3360
失恋的感觉
失恋的感觉 2020-11-21 23:29

One of the joys of working for a government healthcare agency is having to deal with all of the paranoia around dealing with PHI (Protected Health Information). Don\'t get m

相关标签:
30条回答
  • 2020-11-22 00:03

    This is my html code for solution. It works for Chrome-Safari-Internet Explorer. I created new font which all characters seem as "●". Then I use this font for my password text. Note: My font name is "passwordsecretregular".

    <style type="text/css">
             #login_parola {
                 font-family: 'passwordsecretregular' !important;
                -webkit-text-security: disc !important;
                font-size: 22px !important;
             }
        </style>
    
    
    <input type="text" class="w205 has-keyboard-alpha"  name="login_parola" id="login_parola" onkeyup="checkCapsWarning(event)"  
       onfocus="checkCapsWarning(event)" onblur="removeCapsWarning()" onpaste="return false;" maxlength="32"/>
    
    0 讨论(0)
  • 2020-11-22 00:04

    If you do not want to trust the autocomplete flag, you can make sure that the user types in the box using the onchange event. The code below is a simple HTML form. The hidden form element password_edited starts out set to 0. When the value of password is changed, the JavaScript at the top (pw_edited function) changes the value to 1. When the button is pressed, it checks the valueenter code here before submitting the form. That way, even if the browser ignores you and autocompletes the field, the user cannot pass the login page without typing in the password field. Also, make sure to blank the password field when focus is set. Otherwise, you can add a character at the end, then go back and remove it to trick the system. I recommend adding the autocomplete="off" to password in addition, but this example shows how the backup code works.

    <html>
      <head>
        <script>
          function pw_edited() {
            document.this_form.password_edited.value = 1;
          }
          function pw_blank() {
            document.this_form.password.value = "";
          }
          function submitf() {
            if(document.this_form.password_edited.value < 1) {
              alert("Please Enter Your Password!");
            }
            else {
             document.this_form.submit();
            }
          }
        </script>
      </head>
      <body>
        <form name="this_form" method="post" action="../../cgi-bin/yourscript.cgi?login">
          <div style="padding-left:25px;">
            <p>
              <label>User:</label>
              <input name="user_name" type="text" class="input" value="" size="30" maxlength="60">
            </p>
            <p>
              <label>Password:</label>
              <input name="password" type="password" class="input" size="20" value="" maxlength="50" onfocus="pw_blank();" onchange="pw_edited();">
            </p>
            <p>
              <span id="error_msg"></span>
            </p>
            <p>
              <input type="hidden" name="password_edited" value="0">
              <input name="submitform" type="button" class="button" value="Login" onclick="return submitf();">
            </p>
          </div>
        </form>
      </body>
    </html>
    
    0 讨论(0)
  • 2020-11-22 00:05

    One way I know is to use (for instance) JavaScript to copy the value out of the password field before submitting the form.

    The main problem with this is that the solution is tied to JavaScript.

    Then again, if it can be tied to JavaScript you might as well hash the password on the client-side before sending a request to the server.

    0 讨论(0)
  • 2020-11-22 00:06

    In addition to

    autocomplete="off"
    

    Use

    readonly onfocus="this.removeAttribute('readonly');"
    

    for the inputs that you do not want them to remember form data (username, password, etc.) as shown below:

    <input type="text" name="UserName" autocomplete="off" readonly 
        onfocus="this.removeAttribute('readonly');" >
    
    <input type="password" name="Password" autocomplete="off" readonly 
        onfocus="this.removeAttribute('readonly');" >
    

    Tested on the latest versions of the major browsers i.e. Google Chrome, Mozilla Firefox, Microsoft Edge, etc. and works like a charm. Hope this helps.

    0 讨论(0)
  • 2020-11-22 00:07

    autocomplete="off" works for most modern browsers, but another method I used that worked successfully with Epiphany (a WebKit-powered browser for GNOME) is to store a randomly generated prefix in session state (or a hidden field, I happened to have a suitable variable in session state already), and use this to alter the name of the fields. Epiphany still wants to save the password, but when going back to the form it won't populate the fields.

    0 讨论(0)
  • 2020-11-22 00:09

    I had been struggling with this problem a while, with a unique twist to the problem. Privileged users couldn't have the saved passwords work for them, but normal users needed it. This meant privileged users had to log in twice, the second time enforcing no saved passwords.

    With this requirement, the standard autocomplete="off" method doesn't work across all browsers, because the password may have been saved from the first login. A colleague found a solution to replace the password field when it was focused with a new password field, and then focus on the new password field (then hook up the same event handler). This worked (except it caused an infinite loop in IE6). Maybe there was a way around that, but it was causing me a migraine.

    Finally, I tried to just have the username and password outside of the form. To my surprise, this worked! It worked on IE6, and current versions of Firefox and Chrome on Linux. I haven't tested it further, but I suspect it works in most if not all browsers (but it wouldn't surprise me if there was a browser out there that didn't care if there was no form).

    Here is some sample code, along with some jQuery to get it to work:

    <input type="text" id="username" name="username"/>
    <input type="password" id="password" name="password"/>
    
    <form id="theForm" action="/your/login" method="post">
      <input type="hidden" id="hiddenUsername" name="username"/>
      <input type="hidden" id="hiddenPassword" name="password"/>
      <input type="submit" value="Login"/>
    </form>
    
    <script type="text/javascript" language="JavaScript">
      $("#theForm").submit(function() {
        $("#hiddenUsername").val($("#username").val());
        $("#hiddenPassword").val($("#password").val());
      });
      $("#username,#password").keypress(function(e) {
        if (e.which == 13) {
          $("#theForm").submit();
        }
      });
    </script>
    
    0 讨论(0)
提交回复
热议问题