+ Post New Thread
Results 1 to 11 of 11
How do you do....it? Thread, How to prevent password being saved on web? in Technical; Is there any way, on the server side, to prevent a web browser from attempting to save a password? As ...
  1. #1
    duncane's Avatar
    Join Date
    Dec 2006
    Location
    Dewsbury, West Yorkshire
    Posts
    156
    Thank Post
    66
    Thanked 9 Times in 9 Posts
    Rep Power
    17

    How to prevent password being saved on web?

    Is there any way, on the server side, to prevent a web browser from attempting to save a password?

    As we put more sensitive information on secure websites, the risk of staff letting their browser remember their password becomes increasingly hazardous.

    In an ideal world they'd be security conscious, and have a separate passworded account at home, just like they should have up to date anti-virus and anti-malware software installed. This would prevent anyone else, such as their kids/spouse etc, gaining access.

    But just in case... rare though it would be... I'd like to prevent that situation from arising. (Basically I want to do as much as I can to help.)

    Any ideas?

  2. #2
    mmoseley's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    751
    Thank Post
    109
    Thanked 105 Times in 80 Posts
    Blog Entries
    2
    Rep Power
    43
    In the IE7 ADM templates there is an option to disable the ability to save passwords!

  3. #3
    duncane's Avatar
    Join Date
    Dec 2006
    Location
    Dewsbury, West Yorkshire
    Posts
    156
    Thank Post
    66
    Thanked 9 Times in 9 Posts
    Rep Power
    17
    Quote Originally Posted by mmoseley View Post
    In the IE7 ADM templates there is an option to disable the ability to save passwords!
    Unfortunately that's on the client side - don't forget this is for the teacher's home computers, not the computers in the school.

    I seem to remember a news article (a few years back) complaining about a bank that allowed it's passwords to be remembered by the browser - and they changed something to prevent this. (I hate having vague memories about these things - because I know there's a solution, but I don't have enough information to do a productive search - g'ah!)

  4. #4
    mmoseley's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    751
    Thank Post
    109
    Thanked 105 Times in 80 Posts
    Blog Entries
    2
    Rep Power
    43
    Sorrry! I should read things twice!

    You can tell them to turn it off in IE

    • In an Internet Explorer browser window, click on Tools
    • Click on Internet Options
    • On the Internet Options configuration console, click the Content tab.
    • In the AutoComplete section, click on the Settings button


    and there is an option to turn off the saving of passwords

    EDIT - To delete the already stored passwords just delete all browser history (which includes passwords stored)
    Last edited by mmoseley; 23rd December 2008 at 05:46 PM.

  5. #5
    Jenko22's Avatar
    Join Date
    May 2007
    Location
    Truro
    Posts
    26
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    15
    Just googled "bank prevent stored passwords" on the off chance, this thread is number one. but This looks like it there is a link there with a longer discussion on the same idea.

  6. Thanks to Jenko22 from:

    duncane (23rd December 2008)

  7. #6

    Andrew_C's Avatar
    Join Date
    Sep 2005
    Location
    Winchester
    Posts
    2,961
    Thank Post
    64
    Thanked 374 Times in 284 Posts
    Rep Power
    159
    LLoyds TSB still offer to "remember ...on this PC " but then ask for 3 letters/digits from something (totally un)memorable. That is, I can remember it, but workout the 3rd, 9th, and 12th letter without writing it down? No chance.

    Will IE or FF remember it as a password if you call it something else? Perhaps; "Enter User Name" then "Enter Code".

  8. #7
    pagelad's Avatar
    Join Date
    Dec 2008
    Location
    Newcastle
    Posts
    181
    Thank Post
    4
    Thanked 15 Times in 13 Posts
    Rep Power
    14
    If your savvy with web programming you could edit the login page

    instead of

    Username and password as form fields you could randomly generate a code to go on the end and use a different one every time the login page appears.

    One time you could get loginX73h33 With PasswordU7878 , if its different everytime the browser wont be able to store the details.

  9. #8

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,756
    Thank Post
    3,265
    Thanked 1,052 Times in 973 Posts
    Rep Power
    365
    something like this :

    How to disable Internet Explorer password caching

    OR

    http://www.merawindows.com/Forums/ta...s/Default.aspx

    Number 20 on the above link.

    Email them the registry as a reg file and get them to double click on it and apply it and restart ie.

    Might also want to advise them of ccleaner - enabling the passwords checkbox to clear out old passwords.

    ?????
    Last edited by mac_shinobi; 23rd December 2008 at 07:09 PM.

  10. #9
    mrcrazy04's Avatar
    Join Date
    Nov 2006
    Location
    Bedfordshire/Cheltenham, UK
    Posts
    259
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    17
    Code:
    autocomplete="off"
    in the username/password boxes looks like it might be the way to do it - and you could combine it with javascript to blank the input boxes when the page loads as well.

  11. Thanks to mrcrazy04 from:

    duncane (23rd December 2008)

  12. #10
    duncane's Avatar
    Join Date
    Dec 2006
    Location
    Dewsbury, West Yorkshire
    Posts
    156
    Thank Post
    66
    Thanked 9 Times in 9 Posts
    Rep Power
    17
    Cool - it looks like there's some good information to be going on with there.

    Jenko22 - I just need to try more synonyms - I didn't hit upon the right combination.

    MrCrazy04 - Javascript to blank the boxes seems a good idea too.

  13. #11
    mpe
    mpe is offline

    Join Date
    Nov 2008
    Location
    Exeter
    Posts
    1,101
    Thank Post
    106
    Thanked 65 Times in 57 Posts
    Rep Power
    33
    Quote Originally Posted by duncane View Post
    Is there any way, on the server side, to prevent a web browser from attempting to save a password?
    The simple answer is no. In the same way that the server cannot assume that its output will be rendered in any specific way nor can it trust anything a browser tells it.

    About the only thing you could do is try to have the server ask for a password in a way which browser won't recognise.

SHARE:
+ Post New Thread

Similar Threads

  1. keep Register topmost window until saved.
    By kerlj001 in forum MIS Systems
    Replies: 1
    Last Post: 5th October 2008, 09:29 PM
  2. AV installation saved by fantastic company
    By djdohboy in forum Recommended Suppliers
    Replies: 3
    Last Post: 11th September 2008, 07:05 PM
  3. Web based Password Manager?
    By Quackers in forum Windows
    Replies: 9
    Last Post: 5th September 2008, 08:53 PM
  4. Replies: 11
    Last Post: 30th October 2007, 06:05 PM
  5. Saved Forms Data
    By ruggie_uk in forum Windows
    Replies: 0
    Last Post: 24th September 2007, 10:18 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •