When changing another user's password, prevent password field to be auto filled by password manager #14711

mattab · 2019-07-30T04:59:57Z

Reported by a user:

I experienced a weird issue with my LastPass (https://lastpass.com) client in Chrome: it auto-filled the user password field with the value of the superuser password (which you know is requested from the su before allowing to submit the form). As result the user gets it's password overwritten. This is not exactly your problem, but I guess you might want to know that, so you can get to LastPass with it.

-> Goal of this issue would be to prevent this auto-filling of password while changing another user's password. Maybe sufficient to rename the password input field name on the "edit user" screen?

Findus23 · 2019-08-01T15:42:16Z

There is a nice autocomplete="off" HTML attribute, but thanks to banks and other companies, who thought disabling password managers for their login would make them more secure, all Browsers ignore it. So there are only ugly hacks left or moving the password to a separate page.

mattab added the c: Usability For issues that let users achieve a defined goal more effectively or efficiently. label Jul 30, 2019

mattab modified the milestones: Priority Backlog (Help wanted), Backlog (Help wanted) Jan 21, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

When changing another user's password, prevent password field to be auto filled by password manager #14711

When changing another user's password, prevent password field to be auto filled by password manager #14711

mattab commented Jul 30, 2019

Findus23 commented Aug 1, 2019

When changing another user's password, prevent password field to be auto filled by password manager #14711

When changing another user's password, prevent password field to be auto filled by password manager #14711

Comments

mattab commented Jul 30, 2019

Findus23 commented Aug 1, 2019