top | item 21238694

flaviu1 | 6 years ago

> It seems to reduce the potential for security leaks

Misguided views like this are exactly how. Turning off autocomplete doesn't improve any sort of security, since the site already needs to trust the browser.

It serves no purpose other than to frustrate the user, and might even reduce security if it prevents the user from easily making use of a password manager.

mike_pol|6 years ago

Agreed on password fields, however if you have a webapp crm it causes so many problems. And also giving a solution of "hey just put something that we don't understand in the autocomplete so we won't try to autocomplete it" is really not a solution at all.

Imagine if instead of autocomplete it was something like ignoring font sizes/color because they detected that engagement was low when font size was whatever so they render it differently. A browser should render HTML, not make decisions like these.

millstone|6 years ago

You just described reader mode!

vidarh|6 years ago

It does sometimes improve security for the user.

This happens when the auto-complete triggers on things it shouldn't and the user doesn't notice and submits personal details they never wanted to send to the site at all.

I've had to struggle a lot with working around Google's wrong-headed approach to this because this actually happens to real users. It's downright irresponsible, and I think frankly it's just a question of time before EU data protection watchdogs start to take notice. All it will take is a sufficiently bad case of unintended disclosure of personal information (e.g. imagine a domestic abuse victim accidentally having their new address auto-completed in just the wrong situation).

(EDIT: this also easily happens with web apps where someone has to enter details for different users in the same forms multiple times; it gets very easy to end up not noticing Chrome auto-completing details for unrelated users; if that information is later visible to the user, it creates a real risk of leaking personal information)

pyrale|6 years ago

When user experience is bad, the website suffers, not Chrome.

When Chrome devs believe it is their role to alter UX, they are backseat driving.

throwaway2048|6 years ago

Plenty of stuff (like credit card info for instance) should absolutely never be auto-completed. The browser storing that sorta stuff to disk is stupid and completely avoidable.

Already caught Chrome doing this to my Social Security Number before I disabled the functionality entirely. The idea of Chrome automatically auto filling any form it sees labeled "SSN" on any site doesn't inspire confidence.

Thorrez|6 years ago

> (like credit card info for instance) should absolutely never be auto-completed

One of LastPass's advertised features is credit card autofill. I assume they advertise it because some users like it.

https://www.lastpass.com/autofill

xmodem|6 years ago

One CRM webapp I worked on took our frontenders several attempts at different hacks to get Chrome to stop treating the SSN-equiv field as a credit card autofill.