Password reset fields set to type text #311

Closed
richardhallett opened this issue Feb 13, 2020 · 2 comments

@richardhallett
Contributor

The input fields for the password reset are set to input type="text"; this has the behaviour of letting the browser try to remember this as plain text as opposed to only just for passwords.

This is potentially bad security as it could end up exposing the users' passwords in other prompts unintentionally.

Suggestion is to set input type to "password"; alternatively we could expand this to be a toggled switch to show the password visibility and set the text field to have "autocomplete=off" to attempt to avoid any accidental browser remembering.

@richardhallett richardhallett self-assigned this Feb 13, 2020
@mfenner
Contributor

mfenner commented Feb 13, 2020

+1 for type="password".

richardhallett added a commit that referenced this issue Feb 14, 2020
@richardhallett
Contributor Author

Made the change to type="password". Deployed to test; will go to production in the next release.
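An added example, not part of the original issue or the project's code: a small Node.js check that flags password-named inputs rendered as visible text, the condition this issue reports, and records whether the `autocomplete="off"` mitigation mentioned in the issue is present. The field names and the sample markup are constructed.

```javascript
// Added example: flag password-named <input> fields that are not type="password".
// The field names and SAMPLE_HTML below are constructed for illustration.
const PASSWORD_HINT = /passw(or)?d|passphrase|pwd/i;
// Input types that show what the user typed in the clear.
const VISIBLE_TYPES = new Set(["text", "search", "email", "url", "tel"]);

// Parse one <input ...> tag into a map of lower-cased attribute names.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z_:][-\w:.]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of body.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per password-like field that renders as visible text.
// Simple scanner: assumes no ">" character inside attribute values.
function auditPasswordInputs(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const a = parseAttributes(tag);
    const label = [a.name, a.id, a.placeholder].filter(Boolean).join(" ");
    if (!PASSWORD_HINT.test(label)) continue;
    const type = (a.type || "text").toLowerCase(); // a missing type means text
    if (!VISIBLE_TYPES.has(type)) continue;        // password, hidden, etc. pass
    findings.push({
      field: a.name || a.id || "(unnamed)",
      type,
      // The issue's fallback for a field that is deliberately shown as text.
      autocompleteOff: (a.autocomplete || "").toLowerCase() === "off",
    });
  }
  return findings;
}

// Constructed reset form: two visible password fields, one correct, one hidden token.
const SAMPLE_HTML = `
<form action="/reset" method="post">
  <input type="text" name="password" placeholder="New password">
  <input type="text" name="password_confirmation" autocomplete="off">
  <input type="password" name="current_password">
  <input type="hidden" name="reset_password_token" value="CONSTRUCTED">
</form>`;

console.log(auditPasswordInputs(SAMPLE_HTML));
```

Run against rendered templates in CI, a non-empty result fails the build before a visible password field reaches production.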
