HTML and CSS Reference
In-Depth Information
Turn on Autocomplete
Remove
autocomplete="off"
attributes where appropriate.
Code View:
<form action="/login" method="post" autocomplete="off">
<p><label>E-Mail Address:
<input type="text" name="e1" autocomplete="off"/>
</label></p>
<p><label>Password:
<input type="password" name="p1" />
</label></p>
<input type="submit" title="Login" autocomplete="off"/>
</form>
<form action="/login" method="post" autocomplete="off">
<p><label>E-Mail Address:
<input type="text" name="e1" />
</label></p>
<p><label>Password:
<input type="password" name="p1" />
</label></p>
<input type="submit" title="Register" />
</form>
Motivation
Autocompletion helps users avoid wasting time retyping repetitive content. It's especially helpful to physically
impaired users (including the very young and very old) who have much greater difficulty typing than average.
Autocompletion also improves security in login forms by avoiding the need for users to write down passwords or
to reuse the same password from site to site. Login forms that prevent users from using autocomplete are far
more likely to be compromised by out-of-band mechanisms such as shoulder surfing.
Potential Trade-offs
Many webmasters believe that autocompleting logins is a security risk. Indeed, it may be so on a shared
computer, such as one in a public library. However, only the end-user can determine whether their computer is
shared. Users are always free not to remember a username or password or to tell the browser to forget stored
information, if they use a shared computer. That being said, I do recommend that lab managers configure their
Search WWH ::
Custom Search