ecamp / ecamp3

eCamp v3 is a web-based app for camp and course planning. The application is specialized for camps and courses of youth associations and for Y+S offers in the sport of camp sports/trekking.
https://ecamp3.ch
GNU Affero General Public License v3.0

If the login fields are automatically filled out by the Google password manager, the Login button is not enabled #4406

Open MarcoAllenspach opened 7 months ago

MarcoAllenspach commented 7 months ago

Additional: Maybe it could do an automatic login if the fields are filled by a password manager?

carlobeltrame commented 7 months ago

I can reproduce the problem in the latest Chrome, but the button gets activated as soon as I click outside the input fields. So the problem is less critical than it seemed to me when I first read this issue, because tapping on the login button twice will still log you in correctly.

I would vote against auto-submitting the form. For one, because it is hard or impossible for our application to detect whether the user was typing individual characters, pasting or using a password manager. One also has to consider users who use other input methods, or don't fill the form top-to-bottom etc. We simply shouldn't make any assumptions about how users do and prefer to fill in their passwords. The auto-submit feature seems to me like it should be done by the password manager, if at all.

Side note: Please be aware that the default behaviour of the Google password manager of automatically auto-filling the credentials is considered bad practice and insecure:

Sweep attacks take advantage of automatic password autofill to steal the credentials for multiple sites at once without the user visiting any of the victim sites. For password managers backed by a syncing service (such as Apple’s iCloud Keychain) the attacker can extract site passwords even if the user never visited the site on that device. These attacks work in password managers that support automatic autofill, highlighting the fundamental danger of this feature.

MarcoAllenspach commented 7 months ago

Yes, you are right: after the first press on the button, the button is enabled.

Thank you for the article on the Google password manager's automatic auto-filling :) Did not know that