@mattab opened this Issue on September 30th 2014 Member

The goal of this issue is to create a new config file setting to enable autocomplete=off on all password fields in Piwik.

Steps

  • New config setting
  • Applies to Login form, Password reset form, and other password field in Manage users admin screen

Reasoning behind the request:

In february this year someone made the suggestion in PR #231 and I decided to not put it in Piwik core as there seems to be a lot of people arguing against this measure as it breaks the usability of password managers. For more info on the pros/cons see: https://startpage.com/do/search?q=autocomplete%3Doff%20security

However because some users like this setting and because it does provide better security in some cases such as a Piwik accessible to dozens of people, then we should simply add such a useful setting.

@narion commented on June 26th 2018

Is there any update on this features addition?

@sgiehl commented on June 26th 2018 Member

That isn't anything we will work on soon. But Pull Requests are always welcome 🙂

@christophs78 commented on December 3rd 2019

Our security folks think we need to set autocomplete=off. Currently we have to modify the matomo-installation after each update manually. We would really appreciate a config-setting for this.

@Findus23 commented on December 3rd 2019 Member

Hoenestly this doesn't matter anymore. Website developers have abused autocomplete="off" to break password managers so that most browsers started to side with the users and are ignoring it now.

@sgiehl commented on December 19th 2022 Member

We meanwhile have a autocomplete=off on all password fields and there shouldn't be any sense in having a config to remove that.

This Issue was closed on December 19th 2022
Powered by GitHub Issue Mirror