Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
ghayes
on May 4, 2014
|
parent
|
context
|
favorite
| on:
Chrome's experiment of hiding the URL is great for...
But `input[type="password"]` would cover the majority of login forms. At the least, it would force the con-artist have to mimic a native password box, which is more likely to get caught by the end-user.
nodata
on May 4, 2014
|
next
[–]
Yes. Anything that doesn't use a password field is normally a giant hack anyway.
nyrina
on May 5, 2014
|
prev
[–]
So facebook's mobile login page wouldn't trigger, for example.
It's not as simple as peolpe think of it. It never is.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
