Bug #87303
closed
Disable autocomplete for login forms
Added by Oliver Hader over 5 years ago.
Updated almost 4 years ago.
Description
In order to apply strong security defaults it is suggested to disable autocomplete of login forms.
References:
It can be argued that forcing users to remember their passwords leads to simple and easily guessable passwords.
Power users will use a password manager anyway. And for normal users, IMHO it's better to let them use their browsers autocomplete instead of "forcing" them to use everywhere 12345.
- Assignee deleted (
Oliver Hader)
- Status changed from New to Rejected
I would recommend to implement this feature. Nearly every external security company demands this feature in their pen tests now. It does not need to make sense in the end - they recommend this feature and we have to patch TYPO3 in order achieve it.
Also available in: Atom
PDF