Apparently not everyone is doing it properly.
3 Likes
an amazing amount of effort to avoid doing something exceedingly simple.
something which everyone should have been for the last ten years anyway.
1 Like
That is just BAD!
Eh… what.
Password fields aren’t even secure in the first place lol.
no; the “secure” part is modern browsers showing a warning when an <input type=password/> was submitted over http (not https), which is what this defeats.
1 Like
“secure” is the correct notation.
well, yes; I phrased that wrong. I didn’t mean to imply it would be secure if the warning was present.
i.e., no one is trying to make it “secure” at all; they’re trying to hide the fact that it isn’t.
The fact alone that reading saved passwords by just changing the input type to text is still a thing after so many years is embarassing at best.
i don’t disagree. the dots are only for preventing shoulder-surfing “attacks.”
are you talking about when a browser enters a saved password for you? this is the browser’s fault (or possibly the user’s, for allowing the browser to store passwords), not the password field’s.
of course, but it still shouldn’t be a thing 