Bug #87303

closed

Disable autocomplete for login forms

Added by Oliver Hader about 5 years ago. Updated almost 4 years ago.

Status: Rejected
Priority: Should have
Assignee: -
Category: Security
Target version: -
Start date: 2018-12-27
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

In order to apply strong security defaults it is suggested to disable autocomplete of login forms.

References:
Actions #1

Updated by Stefanos Karasavvidis about 5 years ago

It can be argued that forcing users to remember their passwords leads to simple and easily guessable passwords.

Power users will use a password manager anyway. And for normal users, IMHO it's better to let them use their browser's autocomplete instead of "forcing" them to use 12345 everywhere.

Actions #2

Updated by Oliver Hader about 5 years ago

  • Assignee deleted (Oliver Hader)

Actions #3

Updated by Benni Mack about 4 years ago

  • Status changed from New to Rejected

won't do, as browsers overrule whatever they want to do these days (https://stackoverflow.com/questions/12374442/chrome-ignores-autocomplete-off)

Actions #4

Updated by Peter Linzenkirchner almost 4 years ago

I would recommend implementing this feature. Nearly every external security company demands this feature in their pen tests now. It does not need to make sense in the end - they recommend this feature and we have to patch TYPO3 in order to achieve it.
