How do you do....it? Thread, How to prevent password being saved on web? in Technical; Is there any way, on the server side, to prevent a web browser from attempting to save a password?
23rd December 2008, 05:28 PM #1
How to prevent password being saved on web?
Is there any way, on the server side, to prevent a web browser from attempting to save a password?
As we put more sensitive information on secure websites, the risk of staff letting their browser remember their password becomes increasingly hazardous.
In an ideal world they'd be security conscious, and have a separate passworded account at home, just like they should have up to date anti-virus and anti-malware software installed. This would prevent anyone else, such as their kids/spouse etc, gaining access.
But just in case... rare though it would be... I'd like to prevent that situation from arising. (Basically I want to do as much as I can to help.)
23rd December 2008, 06:31 PM #2
In the IE7 ADM templates there is an option to disable the ability to save passwords!
23rd December 2008, 06:38 PM #3
Unfortunately that's on the client side - don't forget this is for the teacher's home computers, not the computers in the school.
Originally Posted by mmoseley
I seem to remember a news article (a few years back) complaining about a bank that allowed it's passwords to be remembered by the browser - and they changed something to prevent this. (I hate having vague memories about these things - because I know there's a solution, but I don't have enough information to do a productive search - g'ah!)
23rd December 2008, 06:44 PM #4
Sorrry! I should read things twice!
You can tell them to turn it off in IE
- In an Internet Explorer browser window, click on Tools
- Click on Internet Options
- On the Internet Options configuration console, click the Content tab.
- In the AutoComplete section, click on the Settings button
and there is an option to turn off the saving of passwords
EDIT - To delete the already stored passwords just delete all browser history (which includes passwords stored)
Last edited by mmoseley; 23rd December 2008 at 06:46 PM.
23rd December 2008, 07:13 PM #5
Just googled "bank prevent stored passwords" on the off chance, this thread is number one. but This looks like it there is a link there with a longer discussion on the same idea.
Thanks to Jenko22 from:
duncane (23rd December 2008)
23rd December 2008, 07:26 PM #6
LLoyds TSB still offer to "remember ...on this PC " but then ask for 3 letters/digits from something (totally un)memorable. That is, I can remember it, but workout the 3rd, 9th, and 12th letter without writing it down? No chance.
Will IE or FF remember it as a password if you call it something else? Perhaps; "Enter User Name" then "Enter Code".
23rd December 2008, 07:33 PM #7
If your savvy with web programming you could edit the login page
Username and password as form fields you could randomly generate a code to go on the end and use a different one every time the login page appears.
One time you could get loginX73h33 With PasswordU7878 , if its different everytime the browser wont be able to store the details.
23rd December 2008, 08:05 PM #8
something like this :
How to disable Internet Explorer password caching
Number 20 on the above link.
Email them the registry as a reg file and get them to double click on it and apply it and restart ie.
Might also want to advise them of ccleaner - enabling the passwords checkbox to clear out old passwords.
Last edited by mac_shinobi; 23rd December 2008 at 08:09 PM.
23rd December 2008, 08:22 PM #9
Thanks to mrcrazy04 from:
duncane (23rd December 2008)
23rd December 2008, 08:46 PM #10
Cool - it looks like there's some good information to be going on with there.
Jenko22 - I just need to try more synonyms - I didn't hit upon the right combination.
23rd December 2008, 09:45 PM #11
The simple answer is no. In the same way that the server cannot assume that its output will be rendered in any specific way nor can it trust anything a browser tells it.
Originally Posted by duncane
About the only thing you could do is try to have the server ask for a password in a way which browser won't recognise.
By kerlj001 in forum MIS Systems
Last Post: 5th October 2008, 10:29 PM
By djdohboy in forum Recommended Suppliers
Last Post: 11th September 2008, 08:05 PM
By Quackers in forum Windows
Last Post: 5th September 2008, 09:53 PM
By adamf in forum Windows
Last Post: 30th October 2007, 07:05 PM
By ruggie_uk in forum Windows
Last Post: 24th September 2007, 11:18 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)