  Taming the Beast - quality web marketing and ecommerce development services

Disabling AutoComplete on forms

Posted by Michael Bloch in ecommerce (Monday August 7, 2006 )

An important issue raised at a recent “black hat” conference was the threat posed by the popular browser “autocomplete” feature – where users can have sensitive information stored in their browser cache in order to speed up completion of forms.

While we can’t control our users’ browser settings, we can prevent this feature from working at the form level on our own sites.

The problem with the autocomplete feature is that it is very insecure – there are widely available free tools for grabbing that information from a user’s system. I won’t mention the name of the tools for lifting stored AutoComplete data for obvious reasons.

While the autocomplete function is easily switched off by the user, many people still use this method for storing sensitive information; either because they don’t know how to switch it off, or they just don’t understand the risks.

As a site owner, you can help protect users from themselves by adding a simple attribute to your form fields.

For example, a form field such as:

<input type="text" name="email">

with the addition of autocomplete="off" like so:

<input type="text" name="email" autocomplete="off">

… will prevent both Firefox and Internet Explorer from caching the information, even if the AutoComplete feature is enabled in the user’s browser.
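As an added example (not code from the original post), this small Python audit scans a page's markup and reports sensitive inputs that leave autocomplete enabled. The list of sensitive name fragments and the sample markup are assumptions; the script also honours autocomplete="off" set on the enclosing form, which the post does not cover.

```python
import re
from html.parser import HTMLParser

# Assumption: name fragments treated as sensitive; adjust to your own forms.
SENSITIVE = re.compile(r"email|pass|card|cvv|ssn|account", re.I)
# Input types that hold no typed text for the browser to remember.
SKIPPED_TYPES = {"hidden", "submit", "button", "reset", "image",
                 "checkbox", "radio", "file"}

class AutocompleteAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_off = False  # enclosing <form> has autocomplete="off"
        self.findings = []     # (line number, field name)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        setting = (attrs.get("autocomplete") or "").strip().lower()
        if tag == "form":
            self.form_off = setting == "off"
        elif tag == "input":
            name = attrs.get("name") or ""
            kind = (attrs.get("type") or "text").lower()
            if kind in SKIPPED_TYPES or not SENSITIVE.search(name):
                return
            # A value on the field wins; otherwise the form's setting applies.
            off = setting == "off" if setting else self.form_off
            if not off:
                self.findings.append((self.getpos()[0], name))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False

def audit(html):
    parser = AutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup, not taken from any real site.
SAMPLE = """<form action="/signup" method="post">
<input type="text" name="email">
<input type="text" name="card_number" autocomplete="off">
</form>
<form action="/pay" autocomplete="off"><input type="text" name="cvv"></form>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each finding is a (line, field name) pair, so the output can be mapped straight back to the template that needs the attribute.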

In case you don’t know how to switch off autocomplete in your own browser:

Internet Explorer

– Tools/Options
– Content Tab
– AutoComplete (click settings)

To delete any information that was already stored in AutoComplete, under Tools/Options, click the General tab, then the “delete” button under browsing history. You’ll then see options for clearing form data and passwords.

Firefox

– Tools/Options
– Privacy

Select the “Saved forms” tab and untick the “save information I etc. etc.” box. Be sure to clear any stored information by clicking the “clear saved” button.

Then click on the “passwords” tab and disable that function; be sure to click “view saved passwords” and clear all those too.



 

 
1 comment for Disabling AutoComplete on forms
  1. side note… your menu does not work in any other browser except IE.

    which is rather annoying since most people only use IE now if their office forces them to.

    Comment by steve — July 27, 2007 @ 1:50 pm
