Cross-browser techniques for disabling password caching

前端 未结 5 776
花落未央
花落未央 2020-12-05 20:18

Saving and auto-filing of username/password is a feature of most modern browsers. And the user can generally choose to disable this feature on a per domain basis. But is the

相关标签:
5条回答
  • 2020-12-05 20:43

    Add autocomplete="off" to your <input> elements. Works in all modern browsers, IIRC.

    0 讨论(0)
  • 2020-12-05 20:44

    I would imagine that browsers save a form's fields when the form is submitted. What if you used AJAX to get the value of the password field, send it, then clear the field? The form would never actually be submitted, so the browser would, theoretically, never have an opportunity to save the values.

    0 讨论(0)
  • 2020-12-05 20:50

    Give the password input a randomly generated name that only you can recognize. Store that name, for example, in a hidden field, and then use that to get the inserted password. That way, even if the browser does cache the password, it won't be able to bring it back up next time the user visits.

    Your users will likely at this point proceed to cache the passwords on a postit on the side of the monitor, but that's really a whole different battle.

    The same method works well against spam, since most bots rely on finding common field names.

    0 讨论(0)
  • 2020-12-05 20:57

    AFAIK, masked fields (ones that show '*' instead of the symbol you type) are never saved for autocomplete. Do you want to prevent the user from remembering the password to your site in the browser's password-saving facilities?

    0 讨论(0)
  • 2020-12-05 21:00

    Simply add another password field between the username and password and set the style to display none.

    <!-- Username label and text here> ... <--!>
    <input type="password" id='txtPasswordDud' style='display: none;' />
    <!-- Actual Password label and text here> ... <--!>
    
    0 讨论(0)
提交回复
热议问题