Hacker News new | past | comments | ask | show | jobs | submit login

Here's a huge reason why this is bad. Our company let's you set a "global password" to lock your site. Chrome was auto-filling the password site silently, and exposing people's personal passwords to their whole team when they saved. I understand wanting control, but... Sometimes this is horrible behavior.



Why isn't that a bug in your application? Unless you're building a password manager, passwords should never be shown to someone else. If you need the ability to let multiple people do things, they should still perform the action using their private credentials so you'd have accurate records for who initiated the action.


No, it's an outward facing password to preview non-live sites, like Shopify or Squarespace have. More of a beta code than a password.


Why don't you use, you know, a password field for entering that password?


We did, which caused the problem. (We had a "show password" option, but even if we didn't, it'd still be visible in the HTML)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: