No manual password saving on https://www.teacherspayteachers.com/Signup/Buyer |
|
Issue descriptionChrome Version: 71.0.3578.0 (Developer Build) (64-bit) OS: GNU/Linux What steps will reproduce the problem? (1) Go to https://www.teacherspayteachers.com/Signup/Buyer (2) Type into the password field What is the expected result? A key icon in the Omnibox shows up as soon as the password field is not empty. What happens instead? No key icon. Notes: The visible field is of type="text", there is also a type="hidden" one with the actual password value, named "data[User][password]". The form contains only one type="password" field, and that one is nameless and not visible. However, at the time of parsing, a field named "data[User][password]" is seen as type="password".
,
Oct 11
I tend to think that this would be overfitting.
,
Oct 15
We would need to make sure that hidden fields are never considered for filling, which could make stealing passwords easier. If we offer hidden fields for saving, in the presence of a better alternatives (and without automatically popping up the save prompt), it might be useful without too much noise caused. However, overfitting seems to be a concern to me too -- if this is fits a very rare login-form-handling pattern and we are not sure about the impact on a broader set of sites, perhaps it's not worth it. Note that the login form on the site does not have this problem. So while the user would need to remember the password from sign-up, they only need to input it once on login. |
|
►
Sign in to add a comment |
|
Comment 1 by battre@google.com
, Oct 11