[RCD] save login password?

Rimas Kudelis rq at akl.lt
Thu Oct 21 15:28:32 CEST 2010


2010.10.21 16:07, Cor Bosman rašė:
>> Hmm, indeed – why do we have autocomplete=off in the login form? We're not making a banking application.
> Speak for yourself, we happen to care about the privacy and security of our customers.
>
> Think: internet cafe, a prime location for using webmail.

I don't think the prime location argument still applies. At least not 
universally.

On the other hand, I believe that Internet cafes should really care more 
about the privacy and security of their visitors. Password management 
features should be disabled, but often are not, in Internet cafes.

But there's a reason why browsers provide password management, it's 
called convenience. By telling the browser to disable that feature for 
one particular website, you're not only protecting those clients who 
check email in internet cafes, but also annoying those who do this at 
home, using their own Personal Computers. Plus, this doesn't educate the 
user at all.

This could at least be configurable by the administrator.

As an alternative, an unchecked-by-default checkbox could exist on the 
login page, which would use JS to remove the autocomplete=off attributes 
from the form elements when checked. This way, a user could at least opt 
in to use the save password feature explicitly.

Rimas
_______________________________________________
List info: http://lists.roundcube.net/dev/
BT/aba52c80


More information about the Dev mailing list