matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0

When changing another user's password, prevent password field to be auto filled by password manager #14711

Open mattab opened 5 years ago

mattab commented 5 years ago

Reported by a user:

I experienced a weird issue with my LastPass (https://lastpass.com) client in Chrome: it auto-filled the user password field with the value of the superuser password (which you know is requested from the su before allowing to submit the form). As a result the user gets its password overwritten. This is not exactly your problem, but I guess you might want to know that, so you can get to LastPass with it.

-> Goal of this issue would be to prevent this auto-filling of password while changing another user's password. Maybe sufficient to rename the password input field name on the "edit user" screen?

Findus23 commented 5 years ago

There is a nice autocomplete="off" HTML attribute, but thanks to banks and other companies, who thought disabling password managers for their login would make them more secure, all browsers ignore it. So there are only ugly hacks left or moving the password to a separate page.
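
Since the thread notes that markup hints are ignored, a submit-time guard can catch the reported overwrite regardless of what filled the field. This is an added example, not code from the issue or from Matomo; the function names, the form field names and the `newPasswordTouched` flag are assumptions made for illustration.

```javascript
// Added example, not Matomo code; all names here are hypothetical.
// Decides what an "edit user" form does with the new-password field at
// submit time, so an autofilled value never silently replaces a password.
function decidePasswordChange(form) {
  const { newPassword, adminConfirmation, newPasswordTouched } = form;

  // Empty field: other settings are being edited, keep the password.
  if (!newPassword) {
    return { action: 'keep', reason: 'new password field is empty' };
  }
  // The reported symptom: the password manager put the superuser's own
  // password into the other user's new-password field.
  if (newPassword === adminConfirmation) {
    return { action: 'reject', reason: 'new password equals the confirmation password' };
  }
  // A value is present although nobody typed or pasted into the field.
  if (!newPasswordTouched) {
    return { action: 'reject', reason: 'new password was filled without user input' };
  }
  return { action: 'change', reason: 'new password entered by the admin' };
}

// Browser wiring: only trusted paste events and printable key presses
// count as user input; values set by script do not trigger either.
function trackUserInput(input, state) {
  const mark = (event) => {
    const typed = event.type === 'paste' || (event.key && event.key.length === 1);
    if (event.isTrusted && typed) state.newPasswordTouched = true;
  };
  input.addEventListener('keydown', mark);
  input.addEventListener('paste', mark);
}

// Constructed sample submissions (not real data).
const samples = [
  { newPassword: '', adminConfirmation: 'admin-pw', newPasswordTouched: false },
  { newPassword: 'admin-pw', adminConfirmation: 'admin-pw', newPasswordTouched: false },
  { newPassword: 'filled-pw', adminConfirmation: 'admin-pw', newPasswordTouched: false },
  { newPassword: 'typed-pw', adminConfirmation: 'admin-pw', newPasswordTouched: true },
];
for (const s of samples) console.log(decidePasswordChange(s));
```

The untouched-field rule also rejects a password deliberately inserted by a manager's generator, so an admin who wants that workflow needs an explicit confirmation step. The equality check can be repeated on the server, where the confirmation password is verified anyway.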