OpenConext / Stepup-SelfService

Stepup Self-service interface
Apache License 2.0

Add autocomplete="off" to secret input fields #291

Closed MKodde closed 1 year ago

MKodde commented 1 year ago

This was done for the safe-store recovery token authentication form and the verify sms challenge forms.

See: https://www.pivotaltracker.com/story/show/185006156

thijskh commented 1 year ago

Would one-time-code be a more appropriate value?

MKodde commented 1 year ago

> Would one-time-code be a more appropriate value?

Do you suggest:

~safe-store recovery token~ one-time-code?

tvdijen commented 1 year ago

I think Thijs means autocomplete="one-time-code". See: https://robindirksen.com/blog/html-autocomplete-one-time-code

Unfortunately, most browsers will ignore this and suggest saving the input anyway. Edit: this appears to be the case only where input type=password.

In this case it probably makes more sense to set autocomplete="off" on form-level!
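
A check for the attribute values discussed in this thread, as an added example that is not part of the pull request or the Stepup code base: it flags secret inputs that have neither their own `autocomplete="off"` or `autocomplete="one-time-code"` nor a form-level `autocomplete="off"`. The field-name hints and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser

# Substrings that mark a field as a secret: a hypothetical naming
# convention for this example, not taken from the Stepup templates.
SECRET_HINTS = ("challenge", "recovery", "otp", "secret")
SAFE_VALUES = {"off", "one-time-code"}

class AutocompleteAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_off = False  # enclosing <form> has autocomplete="off"
        self.findings = []     # (field name, issue) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "form":
            self.form_off = a.get("autocomplete", "").lower() == "off"
        elif tag == "input":
            self._check(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

    def _check(self, a):
        kind = a.get("type", "text").lower()
        name = a.get("name", "")
        own = a.get("autocomplete", "").lower()
        if kind == "hidden":  # not user-entered (e.g. a CSRF token field)
            return
        if kind != "password" and not any(h in name.lower() for h in SECRET_HINTS):
            return
        # An input with no value of its own falls back to the form-level "off".
        if not (own in SAFE_VALUES or (not own and self.form_off)):
            self.findings.append((name, "missing"))
        elif kind == "password":
            # Per the thread: browsers may still offer to save these inputs.
            self.findings.append((name, "password-type"))

def audit(html):
    parser = AutocompleteAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample markup (not the project's real forms).
SAMPLE = (
    '<form><input type="hidden" name="_token"><input name="sms_challenge"></form>'
    '<form autocomplete="off"><input name="recovery_token"></form>'
    '<form><input name="otp" autocomplete="one-time-code">'
    '<input type="password" name="pin" autocomplete="off"></form>'
)
```

On the sample, `audit(SAMPLE)` reports `sms_challenge` as missing the attribute and `pin` as a password-type input whose attribute may be ignored.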