These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for Auto-Completion Enabled for Password Fields on the new forum.
Hello:
PCI compliance time again. Although not causing a fail, this sounds like something I would like to implement. Is there a way to have the login page NOT allow autocompletion of username and password?
PCI scan report says this: The web server running on this host uses password fields that allow auto-completion by users' browsers. This could allow a user's credentials to be stored by the browser and subsequently exposed if the user's computer becomes compromised. Modify the identified page so that the password field and the enclosing form tags have an attribute named "autocomplete" with a value of "off".
Thanks, Bill56
same issue here.