Hacker News new | past | comments | ask | show | jobs | submit login

I followed the link, entered my username and was about to enter my password.

This is the problem demanding a real solution, not some cosmetic change around the URL. Your browser should be entering the credentials.

The computer is not fooled by an ugly URL. If the domain doesn't match, no password for you. If the protocol is different from the one you used the first time (https hopefully), no password for you.

Yet instead, we get autocomplete="off" and a butchered URL bar.




I don't understand why do banks often have autocomplete=off. (At least my bank does.) What is the reasoning?

Luckily, LastPass ignores that.


to prevent login and password from being automatically filled, so someone using your OS user or browser user can't login to your bank account.


True. I actually forgot people let other people use their computers. (And I really mean it, I just didn't realize it.)


We also shouldn't be sending our credentials to any site where we authenticate. Passwords are just plain wrong.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: