One of the joys of working for a government healthcare agency is having to deal with all of the paranoia around dealing with PHI (Protected Health Information). Don't get me wrong, I'm all for doing everything possible to protect people's personal information (health, financial, surfing habits, etc.), but sometimes people get a little too jumpy.
Case in point: One of our state customers recently found out that the browser provides the handy feature to save your password. We all know that it has been there for a while, is completely optional, and is up to the end user to decide whether or not it is a smart decision to use. However, there is a bit of an uproar at the moment and we are being asked to find a way to disable that functionality for our site.
Question: Is there a way for a site to tell the browser not to offer to remember passwords? I've been around web development a long time but don't know that I have come across that before.
Any help is appreciated.
Use real two-factor authentication to avoid the sole dependency on passwords which might be stored in many more places than the user's browser cache.
What I have been doing is a combination of autocomplete="off" and clearing password fields using a javascript / jQuery.
jQuery Example:
By using setTimeout() you can wait for the browser to complete the field before you clear it; otherwise the browser will always autocomplete after you've cleared the field. If autocomplete="off" is not working, remove the form tag and use a div tag instead, then pass the form values using jQuery to the server. This worked for me.
The website tells the browser that it is a password by using <input type="password">. So if you must do this from a website perspective then you would have to change that. (Obviously I don't recommend this.) The best solution would be to have the user configure their browser so it won't remember passwords.
You can prevent the browser from matching the forms up by randomizing the name used for the password field on each show. Then the browser sees a password for the same URL, but can't be sure it's the same password. Maybe it's controlling something else.
Update: note that this should be in addition to using autocomplete or other tactics, not a replacement for them, for the reasons indicated by others.
Also note that this will only prevent the browser from auto-completing the password. It won't prevent it from storing the password at whatever arbitrary level of security the browser chooses to use.
The cleanest way is to use the autocomplete="off" tag attribute, but Firefox does not properly obey it when you switch fields with Tab. The only way you could stop this is to add a fake hidden password field which tricks the browser into populating the password there.
It is an ugly hack, because you change the browser behavior, which should be considered bad practice. Use it only if you really need it.
Note: this will effectively stop password autofill, because FF will "save" the value of #prevent_autofill (which is empty) and will try to populate any saved passwords there, as it always uses the first type="password" input it finds in the DOM after the respective "username" input.