![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small}
autocomplete=off on password fields sucks
The other day I decided to finally try and figure out why it is that Safari and other browsers do not offer to remember passwords for me on certain web sites. I regularly encounter this problem on some banking web sites, and the Yahoo login page for Flickr. Looks like the common way of keeping browsers from remembering passwords is the non-standard autocomplete HTML form attribute (assigned a value of "off"). This originally was a feature added to Microsoft Internet Explorer, but Firefox and Safari support it now, along with probably lots of other browsers.
The idea is presumably to keep users from storing passwords in an insecure manner on their computers. However, I use the built in keychain on Mac OS X, so it stores these remembered passwords in a fairly secure manner. Firefox's password manager also can encrypt stored passwords with a master passphrase if you tell it to. I don't memorize most of my passwords, so whenever I log in to a site that won't let me store a password in my keychain I have to go and decrypt a GnuPG encrypted text file I store all my passwords in. This essentially means I do the same thing as using the keychain would, but it requires doing pointless extra stupid work.
I should get to decide what my computer will do. I don't need web sites telling me how to secure things. This kind of behavior encourages users to choose crap passwords just so they can remember them, or re-use the same password for many sites/accounts. Both are, of course, bad for security.
Does anyone have any suggestions on how I can make Safari ignore the autocomplete form attribute? So far the only solutions I've seen for working around this involve patching WebCore, which seems scary and like total overkill. I don't want to use some other password manager either--I'd rather use the one built in to the OS. I tried using Privoxy with some filter rules, but gave up because it was taking too much effort and time to configure. I'm considering switching back to Firefox. I think it at has some extensions that will make it ignore this damn form attribute, or at least GreaseMonkey can do it for me. But it would be cool if I could just make Safari ignore this autocomplete attribute.
The idea is presumably to keep users from storing passwords in an insecure manner on their computers. However, I use the built in keychain on Mac OS X, so it stores these remembered passwords in a fairly secure manner. Firefox's password manager also can encrypt stored passwords with a master passphrase if you tell it to. I don't memorize most of my passwords, so whenever I log in to a site that won't let me store a password in my keychain I have to go and decrypt a GnuPG encrypted text file I store all my passwords in. This essentially means I do the same thing as using the keychain would, but it requires doing pointless extra stupid work.
I should get to decide what my computer will do. I don't need web sites telling me how to secure things. This kind of behavior encourages users to choose crap passwords just so they can remember them, or re-use the same password for many sites/accounts. Both are, of course, bad for security.
Does anyone have any suggestions on how I can make Safari ignore the autocomplete form attribute? So far the only solutions I've seen for working around this involve patching WebCore, which seems scary and like total overkill. I don't want to use some other password manager either--I'd rather use the one built in to the OS. I tried using Privoxy with some filter rules, but gave up because it was taking too much effort and time to configure. I'm considering switching back to Firefox. I think it at has some extensions that will make it ignore this damn form attribute, or at least GreaseMonkey can do it for me. But it would be cool if I could just make Safari ignore this autocomplete attribute.
if you still didn't find a solution
http://userscripts.org/scripts/show/2869
Good luck.
Re: if you still didn't find a solution
(Anonymous)
Re: if you still didn't find a solution
http://www.versiontracker.com/dyn/morein
--Tom
Re: if you still didn't find a solution