Bug #87303
closedDisable autocomplete for login forms
0%
Description
In order to apply strong security defaults it is suggested to disable autocomplete of login forms.
References:Updated by Stefanos Karasavvidis about 5 years ago
It can be argued that forcing users to remember their passwords leads to simple and easily guessable passwords.
Power users will use a password manager anyway. And for normal users, IMHO it's better to let them use their browsers autocomplete instead of "forcing" them to use everywhere 12345.
Updated by Benni Mack about 4 years ago
- Status changed from New to Rejected
won't do, as browsers overrule whatever they want to do these days (https://stackoverflow.com/questions/12374442/chrome-ignores-autocomplete-off)
Updated by Peter Linzenkirchner almost 4 years ago
I would recommend to implement this feature. Nearly every external security company demands this feature in their pen tests now. It does not need to make sense in the end - they recommend this feature and we have to patch TYPO3 in order achieve it.