How to prevent password being saved on web?

Is there any way, on the server side, to prevent a web browser from attempting to save a password?

As we put more sensitive information on secure websites, the risk of staff letting their browser remember their password becomes increasingly hazardous.

In an ideal world they'd be security conscious, and have a separate passworded account at home, just like they should have up to date anti-virus and anti-malware software installed. This would prevent anyone else, such as their kids/spouse etc, gaining access.

But just in case... rare though it would be... I'd like to prevent that situation from arising. (Basically I want to do as much as I can to help.)

Any ideas?

In the IE7 ADM templates there is an option to disable the ability to save passwords!:)

Quote:

---

Originally Posted by mmoseley

In the IE7 ADM templates there is an option to disable the ability to save passwords!:)

---

Unfortunately that's on the client side - don't forget this is for the teacher's home computers, not the computers in the school.

I seem to remember a news article (a few years back) complaining about a bank that allowed it's passwords to be remembered by the browser - and they changed something to prevent this. (I hate having vague memories about these things - because I know there's a solution, but I don't have enough information to do a productive search - g'ah!)

Sorrry! I should read things twice!

You can tell them to turn it off in IE

• In an Internet Explorer browser window, click on Tools
• Click on Internet Options
• On the Internet Options configuration console, click the Content tab.
• In the AutoComplete section, click on the Settings button

and there is an option to turn off the saving of passwords :)

EDIT - To delete the already stored passwords just delete all browser history (which includes passwords stored)

Just googled "bank prevent stored passwords" on the off chance, this thread is number one. but This looks like it there is a link there with a longer discussion on the same idea.

LLoyds TSB still offer to "remember ...on this PC " but then ask for 3 letters/digits from something (totally un)memorable. That is, I can remember it, but workout the 3rd, 9th, and 12th letter without writing it down? No chance.

Will IE or FF remember it as a password if you call it something else? Perhaps; "Enter User Name" then "Enter Code".

If your savvy with web programming you could edit the login page

instead of

Username and password as form fields you could randomly generate a code to go on the end and use a different one every time the login page appears.

One time you could get loginX73h33 With PasswordU7878 , if its different everytime the browser wont be able to store the details.

something like this :

How to disable Internet Explorer password caching

OR

http://www.merawindows.com/Forums/ta...s/Default.aspx

Number 20 on the above link.

Email them the registry as a reg file and get them to double click on it and apply it and restart ie.

Might also want to advise them of ccleaner - enabling the passwords checkbox to clear out old passwords.

?????

Code:

---

autocomplete="off"

---

in the username/password boxes looks like it might be the way to do it - and you could combine it with javascript to blank the input boxes when the page loads as well.

Cool - it looks like there's some good information to be going on with there.

Jenko22 - I just need to try more synonyms - I didn't hit upon the right combination.

MrCrazy04 - Javascript to blank the boxes seems a good idea too.

Quote:

---

Originally Posted by duncane

Is there any way, on the server side, to prevent a web browser from attempting to save a password?

---

The simple answer is no. In the same way that the server cannot assume that its output will be rendered in any specific way nor can it trust anything a browser tells it.

About the only thing you could do is try to have the server ask for a password in a way which browser won't recognise.