[whatwg] [WF2] Objection to autocomplete Attribute

Mikko Rantalainen mikko.rantalainen at peda.net
Tue Mar 29 03:06:35 PST 2005


James Graham wrote:
> Mikko Rantalainen wrote:
> 
>>My bank uses one-shot passwords for web access
> 
> Which seems to be an ideal use-case for the autocomplete attribute...

But in this case, the autocomplete isn't a *security* feature 
(though my point is, it should never be considered a security 
feature). Instead, it's an enchancement (UA will not store or 
incorrectly suggest old value as valid input) and it should make no 
difference to bank if UA supports that feature or not. No support 
means lesser user experience in this case but there's no security 
tradeoff.

Banks that *require* that UA supports autocomplete don't really 
understand the problem. (Or they understand the problem but don't 
want to fix it, instead they simply try to hide the problem.)

WF2 shouldn't require UAs to support this feature. Just a note that 
some institutions insanely want this feature is enough.

-- 
Mikko



More information about the whatwg mailing list