[whatwg] [WF2] Objection to autocomplete Attribute
Mikko Rantalainen
mikko.rantalainen at peda.net
Tue Mar 29 03:06:35 PST 2005
James Graham wrote:
> Mikko Rantalainen wrote:
>
>>My bank uses one-shot passwords for web access
>
> Which seems to be an ideal use-case for the autocomplete attribute...
But in this case, the autocomplete isn't a *security* feature
(though my point is, it should never be considered a security
feature). Instead, it's an enchancement (UA will not store or
incorrectly suggest old value as valid input) and it should make no
difference to bank if UA supports that feature or not. No support
means lesser user experience in this case but there's no security
tradeoff.
Banks that *require* that UA supports autocomplete don't really
understand the problem. (Or they understand the problem but don't
want to fix it, instead they simply try to hide the problem.)
WF2 shouldn't require UAs to support this feature. Just a note that
some institutions insanely want this feature is enough.
--
Mikko
More information about the whatwg
mailing list