Geek Answers Handbook

How to disable autocomplete HTML password field in IE11?

IE11 has lost support for autocomplete=off for input type=password at the form and element level.

Has anyone found a working solution to disable autocomplete in IE11?

+8
html autocomplete internet-explorer-11
source share
5 answers

You are much better off resolving a two-factor authentication security problem. Hacking a browser will (a) work only in the short term (password managers get better at handling such approaches), and (b) often lead to accessibility issues that can cost you a lot more users than your fear of a legitimate password leak. If you work in a large organization, assistive technology users who have enough time to work with your browsers can finish filing a lawsuit. (I don’t speak with this hack, in particular, but, generally speaking, working with a browser harms assistive technologies)

Two-factor authentication, even a sloppy implementation that just asks for something like a middle name and then sets a cookie ("this browser is now allowed to access without 2FA for a month"), makes it extremely difficult for a random hacker to gain unauthorized access to an account and Improve the environment for users, especially those using screen readers or other assistive technologies.

Disabling password managers, on the other hand, leads to a light password, not strong passwords. Using LastPass or the like, I can have a 24-character password (and LastPass, maybe fill in the fields that you are trying to protect with hacks, fyi), which I would never hope to remember, and a different password for each site. When I have passwords that I need to remember, they tend to be two words strung together with a symbol such as "Dogs + Knife".

+6
source share

This is a workaround, not a best practice.

IE 11 will autocomplete any input type="password" . BUT he will fill only the first. So i did it

 <div style="display:none;"> <input type="text" id="my_username"/> <input type="password" id="my_password"/> </div> <asp:Login ID="Login1" runat="server" SkinId="LoginDefault" LabelStyle-Font-Bold="true" DisplayRememberMe="False" DestinationPageUrl="~/CheckPassword.aspx"> <LoginButtonStyle CssClass="btnEntry" /> <LabelStyle Font-Bold="True" /> </asp:Login>

Now, if you notice that the first one has a display style: none. This allows IE 11 to autofill it, but the user doesn’t care because they don’t see it. I know this is a kind of hack, but it works.

+2
source share

You can insert hidden input after entering the username.

+1
source share

You must have different pages for username and password. This approach is also used by Google.

Google login screen

+1
source share

I'm a little late for this, but the cleanest approach (at the time of writing) seems to force users to enter their username and password on different pages, i.e. the user enters his username, transfers, and then enters his password and submit. Bank of America and HSBC Bank Sites use this, too.

Since the browser cannot associate the password with the username, it will not offer to store passwords. This approach works in all major browsers (at the time of writing) and will function properly without using Javascript. The disadvantages are that it would be more difficult for the user and would require 2 postbacks for the login action instead of one, so it really depends on how secure your website is.

PS: Firefox will follow the example of IE11 and ignore autocomplete="off" for password fields, according to this ' error report , which is marked VERIFIED FIXED .

0
source share

More articles:


All Articles