how to hide remembered passwords from firefox ?

SBSP

Senior Member
Joined
Sep 7, 2007
Messages
663
Normally if you go to a login page when you log in for the first time you can click the "Remember Password" popup in the browser.

Next time if you log out and you are back at the login page, The browser will remember your username and password.
but the password displays as "***************" because the input type of the html input box is set as type="password"

if Firefox if you right click the page and select
"View Page Info" --> "Security Tab" --> "View Saved Passwords" and if you then click "show Passwords" it will display the password in readable format.

This works for all websites I came across so far including google,facebook ect ect. I often use this feature If I forgot my password.

I recently forgot my battle.net password when I wanted to log in to play Starcraft II , I tried to get my password from the login screen on their website because its the same password that i need to login with the batttle.net app on my PC, Its displayed as ******* and will login if I click login it goes in as expected, but when I try to get the password by viewing page info and show passwords in firefox its shows the password in "**********" format.

I didn't know it was possible to hide the password from FF,
When looking at the page code.

the input box code is

HTML:
<input
aria-labelledby="password-label"
id="password"
name="password"
title="Password"
maxlength="16"
type="password"
tabindex="1"
class="input-block input-large"
autocomplete="off"
placeholder="Password"
autocorrect="off"
spellcheck="false"
/>

How are they doing this ? because I also want to be able to block password viewing on my websites ?
 

Solarion

Honorary Master
Joined
Nov 14, 2012
Messages
21,887
Tried encrypting the cookies?

Code:
private static void SetEncryptedCookie(string name, string value)
{
    var encryptName = SomeEncryptionMethod(name);
    Response.Cookies[encryptName].Value = SomeEncryptionMethod(value);
    //set other cookie properties here, expiry &c.
    //Response.Cookies[encryptName].Expires = ...
}

private static string GetEncryptedCookie(string name)
{
    //you'll want some checks/exception handling around this
    return SomeDecryptionMethod(
               Response.Cookies[SomeDecryptionMethod(name)].Value);
}
 

neo_

Well-Known Member
Joined
May 20, 2015
Messages
453
To see your passwords, go to Menu > Options > Security > Saved Logins. There's a button there that allows you to show passwords. If you want to prevent passwords from being filled out automatically, I'd recommend you use a master password, which can be found in the same options panel.
 

Max Headroom

Active Member
Joined
Nov 16, 2010
Messages
63
Use a master password as _neo suggested.

But you asked how do web pages stop password to be saved.
I guess there are a lot of tricks people use for extra security.
Such as using Java Script to hash you password and put that back into your password field and then use secure means to send password to server.
Also, not sure if it is still the case, FF does not store passwords from secure pages (https//), but there was an addon that over rode it.
 
Top