How can my web developers get around Firefox remembering a password for my site that needs to be secure?
I'm developing a site that needs to be secure. At the moment on firefox it is remembering a users password and this is very unsecure. I know the user can turn this off but that is not good enough and does not guarantee security of information. I have to get my developers to make it so Firefox cannot remember the password. How do they do it? (They have already added some code which they said would stop major browsers from being able to remember passwords but this didn't work with Firefox). They are probably too proud to go onb a forum and ask for an answer but I'm not!
All Replies (2)
This forum focuses on end-user support. You can find more web development help on the mozillaZine Web Development board. Separate forum, separate registration. Please note the tips in the Sticky Post at the top of the forum before posting.
That said... Firefox honors the setting autocomplete="off" in the form tag. When this attribute is set, users should not be prompted to save the username/password, and it should not be filled automatically. (Is this what wasn't working??)
https://developer.mozilla.org/en/How_to_Turn_Off_Form_Autocompletion
Knowledgeable users can bypass this setting by running a script to strip this attribute. I doubt that very many users would do that, but if people have to log in very frequently, it is more likely to happen. Users also may use add-ons that manage passwords, and those add-ons might not honor the autcomplete="off" setting. I haven't used any such add-ons, so I don't know the situation there.
I'm sure this isn't completely satisfactory but hopefully it helps to some extent.
jscher2000 - Support Volunteer trɔe
If you want to make it more difficult then use JavaScript to create that log in form in addition to using autocomplete=off or use a Flash object. Firefox currently only offers to store the password if the log in form is present in the page source.