New config setting to set autocomplete=off to password fields in Piwik #6347
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Enhancement
For new feature suggestions that enhance Matomo's capabilities or add a new report, new API etc.
not-in-changelog
For issues or pull requests that should not be included in our release changelog on matomo.org.
Milestone
The goal of this issue is to create a new config file setting to enable
autocomplete=off
on all password fields in Piwik.Steps
Reasoning behind the request:
In february this year someone made the suggestion in PR #231 and I decided to not put it in Piwik core as there seems to be a lot of people arguing against this measure as it breaks the usability of password managers. For more info on the pros/cons see: https://startpage.com/do/search?q=autocomplete%3Doff%20security
However because some users like this setting and because it does provide better security in some cases such as a Piwik accessible to dozens of people, then we should simply add such a useful setting.
The text was updated successfully, but these errors were encountered: