[Login Security] Password 'Show' button reveals auto-complete password
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
This thread's discussion is locked. If it doesn't give you the information you need, head to its forum board for active discussions or to start a new discussion.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Link to Post
- Email to a Friend
- Report Inappropriate Content
Environment:
Windows 10.0
Javascript enabled
Cookies enabled
Browser size 2481 x 1374
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36
Steps to reproduce issue:
- Access MyAccount. If signed-in already, be sure to sign out and perform this step again.
- Sign-in, and allow the browser's password keeper to remember the sign-in details.
- Sign-out, and access MyAccount. The browser's password keeper should have input the username and password already.
- Click the "Show" button in the password field of the login form.
Expected result:
The auto-complete password should remain masked, the field should be cleared when the "Show" button is clicked, or the button should be disabled when the password field is being completed by an auto-complete function.
Actual result:
The auto-complete password is revealed in clear-text.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Link to Post
- Email to a Friend
- Report Inappropriate Content
I'd never use any browser's built in password saving features. Too risky.
The challenge you'll find is that different browsers handle autofill differently. What may work on one, may not work on another. Deleting the contents of the password field when Show password is clicked defeats the purpose of the button. One big reason I can think of that the button is there is that users are given 5 chances maximum before their account is locked and a call to Telus would have to be made to unlock it.
If you find a post useful, please give the author a "Like" or mark as an accepted solution if it solves your trouble. 🙂