FR
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[Login Security] Password 'Show' button reveals auto-complete password

Scurvs
Just Moved In

‎05-28-2018 08:08 AM

Environment:

Windows 10.0
Javascript enabled
Cookies enabled
Browser size 2481 x 1374

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36

 

Steps to reproduce issue:

  1. Access MyAccount. If signed-in already, be sure to sign out and perform this step again.
  2. Sign-in, and allow the browser's password keeper to remember the sign-in details.
  3. Sign-out, and access MyAccount. The browser's password keeper should have input the username and password already.
  4. Click the "Show" button in the password field of the login form.

Expected result:

The auto-complete password should remain masked, the field should be cleared when the "Show" button is clicked, or the button should be disabled when the password field is being completed by an auto-complete function.

 

Actual result:
The auto-complete password is revealed in clear-text.

0 Kudos
Reply
1 REPLY 1

Nighthawk
Community Power User
Community Power User

‎05-28-2018 10:24 AM

I'd never use any browser's built in password saving features. Too risky.

 

The challenge you'll find is that different browsers handle autofill differently. What may work on one, may not work on another. Deleting the contents of the password field when Show password is clicked defeats the purpose of the button. One big reason I can think of that the button is there is that users are given 5 chances maximum before their account is locked and a call to Telus would have to be made to unlock it.


If you find a post useful, please give the author a "Like" or mark as an accepted solution if it solves your trouble. 🙂
0 Kudos
Reply
Copyright © 2022 Khoros, LLC