WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 9 months ago

#43886 new feature request

Chrome autofills password over "new password" field when updating user.

Reported by: WraithKenny
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Users
Keywords: 2nd-opinion needs-patch
Focuses: administration
Cc:

Description

Chrome, the wonderful browser that it is, is super helpful.

When editing a user (even your own), and attempting to update the password with a nice strong one, Chrome will (helpfully) insert *your* old password into the new password field, right when you click update. (You can tell, because the length of the password will change to your password's length.)

Incognito Mode fixes it, apparently, and uninstalling Chrome in favor of Firefox seems to work too.

From what I've been able to guess, it's because of Chrome's unique implementation of completely ignoring autocomplete="off" https://bugs.chromium.org/p/chromium/issues/detail?id=370363#c7 and suggests autocomplete="new-password" instead.

Alternatively, <form autocomplete="off"> could possibly work. https://stackoverflow.com/questions/15738259/disabling-chrome-autofill

It does seem to make sense to disable autocomplete completely on the edit-user form, since it's not actually useful to fill in some random user's info with info from your browser...especially passwords...despite what Chrome seems to believe.

Change History (4)

#1 @WraithKenny
3 years ago

  • Type changed from defect (bug) to feature request
  • Version set to trunk

#2 @pento
22 months ago

  • Version trunk deleted

#3 @ayeshrajans
12 months ago

Firefox 70 implements autocomplete=new-password now too, and I think this will be a nice UX improvement as well.

I will submit patches for password reset and user registration fields.

#4 @bookdude13
9 months ago

This is related to #35707. If Chrome will actually respect new-password I like that approach. Turning the whole form autocomplete off is a blunt solution, but the simplicity of it is appealing...
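
A check for the markup issue discussed in this ticket, as an added example that is not part of the ticket or of WordPress core: it scans form HTML for password inputs and flags those whose autocomplete attribute is missing or set to "off", the value the reporter describes Chrome as ignoring. The sample form, its field names, and the status labels are constructed for illustration.

```javascript
// Added example: audit form markup for password inputs that lack the
// autocomplete="new-password" hint. SAMPLE_FORM is constructed markup,
// not the actual WordPress edit-user form.
const SAMPLE_FORM = `
<form id="edit-user" method="post">
  <input type="text" name="email" autocomplete="off">
  <input type="password" name="new_pass" autocomplete="off">
  <input type="password" name="new_pass_confirm">
  <input type="password" name="hinted_pass" autocomplete="new-password">
</form>`;

// Parse the attributes of a single tag into a lower-cased name -> value map.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*\w+/, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? "").trim();
  }
  return attrs;
}

// Return one finding per password input, classifying its autocomplete hint.
function auditPasswordFields(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<input\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    if ((attrs.type || "").toLowerCase() !== "password") continue;
    const hint = (attrs.autocomplete || "").toLowerCase();
    let status;
    if (hint.split(/\s+/).includes("new-password")) {
      status = "ok";                 // explicit "this is a new password" hint
    } else if (hint === "") {
      status = "missing-hint";       // browser decides on its own
    } else if (hint === "off") {
      status = "off-may-be-ignored"; // the case reported in this ticket
    } else {
      status = "other:" + hint;      // e.g. current-password on a new-password field
    }
    findings.push({ name: attrs.name || "(unnamed)", status });
  }
  return findings;
}

console.log(auditPasswordFields(SAMPLE_FORM));
```

The regex-based parsing is enough for simple server-rendered markup like the sample; for a live page, the same classification can be run over `document.querySelectorAll('input[type="password"]')` instead.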
