Disable 10.14.4 Safari auto-submit of login forms

This is 100% a new bug/feature in 10.4.4. It's not an issue with how websites implemented password entries. It's an issue with how Safari now implements auto filling passwords on sites. This is not a site issue. It's an Apple Safari issue.

The original question is: "Is there a way to disable this feature?"

The answer is: "No."

Answers like "Entering a password for one or two affected sites by hand from my perspective doesn't appear too big a deal" are condescending at best, and should be avoided.

This is a serious inconvenience to some of us. Those who want the option to disable auto-submit should file a report at:

https://www.apple.com/feedback/safari.html

If many of us do it rapidly, they may even realize their mistake and give us the option soon.

You may want to consider reporting your observation regarding accessing secure sites direct to Apple via Apple Feedback, you can select "Bug" as the type and then give details in the appropriate box, also give reference to this discussion.

Product Feedback - Apple

Posting in this forum doesn't guarantee that Apple will take note because it's mainly a user to user area, but using one of the three official methods ie. Apple Feedback, Dev Bug Reporting or contacting Customer Care should at least get the issue highlighted in the right quarters, plus the more reports they receive the better the likelihood of a response.

In the App Store there is an app called "Stop the Madness". Odd name, but one of the things it does if you set its preferences, is to give you a pop-up window whenever Safari tries to auto-log you in. You can click on "Cancel" and it will not autosubmit.

Here is a picture of the pop-up box:

The app does other things to protect you from having your browser remotely controlled, etc. I have downloaded it and although it adds a step to every log-on, I like the protection.

I'm not sure if the issue is to do with the latest 10.4.4 upgrade or something specific (ie. gone wrong) on your computer or how some websites are implementing password entry.

All I can suggest at the moment if its the former is to remove the password that's saved for the troublesome site(s) by going to Safari Preferences Password tab, enter your login password then search for the site, select and then click "Remove". That way it can't autofill which might give you time to do the other entries (but make a note of the details first and keep safe).

Unfortunately you can't disable Autofill per site, only globally by unticking the box in the top left which if the majority of sites are fine can be a bit of a pain, filling one or two sites in by hand is one thing, having to do it for all might not be such a good idea.

I believe the issue may be a combination of Apple changing something in the last update coupled with how web sites implement password entry, the reason I say that is when visiting an Apple site I get a box for ID which I can click on a suggestion to fill, then a second dropdown box appears which I again get offered a suggestion to fill password, only then will the site open.

Another site does roughly the same but after the ID entry part it goes to another page for the password entry, but still with the suggestions popping up as before.

A third site I tried was similar to Apple's but once the suggested ID was entered in auto filled password and jumped straight to the page, strangely this one prompted me to "save new info", on further investigation the password had been change to a very long string of characters which it was trying to re-save, this had to be declined for obvious reasons.

So, until either Apple gets around to sorting this or the "troublesome" websites update their login pages I don't see what else you/or I can do.

Hope some of this helps.

Yep, seeing the same thing. Seems like Apple doesn't QA their own software during actual day to day use. Not sure why they changed the way it worked in the first place. I don't need it to "auto press enter". I liked how it was before in that I can choose the username/password to enter into each respective field and then I'LL press enter when I'm ready.

I don't employ any other browsers so can't test your theory that it's Apple's fault, but when signing on to different sites (tried 3 I use on a regular basis) the login process was definitely handled differently for each, and to me that's not entirely to do with Apple but also how the websites have been designed.

Maybe other browsers are more tolerant of these differences and if so then yes, Apple could do better.

But whoever is responsible and until it gets fixed the only work around I see is for whiteatom to not use autofill on troublesome sites or switch to a third party browser.

No, it's 100% Apple. This is the specific part that's causing our issues from the 10.14.4 update:

• Streamlines website login when filling credentials with Password AutoFill.

They didn't account for sites that require captcha. What's worse is that the end user experience is worse off as it's now requiring TouchID or a password be used when filling in Safari credentials, when that wasn't the case for 10.14.3. I get the security angle of it, but common sense tells you that whoever is using the computer already has access! They need to at the very least allow us to revert back to the 10.14.3 method of Safari authentication.

I'm not sure but this issue could be affecting people differently depending on the sites they visit, out of all the sites I've checked so far only one is demonstrating this "auto enter" behaviour, for every other site I have to trackpad click on ID and Password stages.

ps. Sorry did not see your last post in time, but one of the 15 sites I checked used Captcha and again my autofill paused after ID entry, then filled Password after captcha was successfully completed.

I get your point. I want the same thing. I want to be able to click a credential to use from the drop-down (without having to use touchID), and NOT have it auto enter. Essentially, just go back to the way it was in 10.14.3.

I didn't advocate turning off "Autofill" system wide, if you look at my post again (second paragraph) I suggested until the issue gets resolved you just don't use that method on the site that's having the problem by not having the information saved in Safari/Keychains, in other words delete login and password for that site only.

Doing that retains autofill for all other sites that don't have this issue, but when it comes to logging in to the ones that do you will not get "auto entered" until you are ready and completed entering the password by hand.

It's not intended as a solution but a work around until this gets fixed, but depending on whoever is at fault (ie. Website or Apple) that might not be very quick and because this issue was locking you out of important sites I assumed preventing that happen again would be your priority.

Your other option is of course to try another browser, but I'm not sure on how much work that will entail moving over all of your passwords hence my original suggestion to just enter by hand for the odd site.

Not sure what else to say, I personally don't believe this is just Apple's fault largely due to the fact it's not happening on my system for the majority of sites, but that doesn't help you or the others that are experiencing this problem, lets just hope it gets resolved quickly.

I don't necessarily disagree with your comments, but your original question was can this "auto entry" behaviour be disabled because you are afraid to use certain sites (or words to that effect).

The simple answer at the moment is no, it can't be disabled, so you are left with limited options, a work around as I've suggested, try another browser (I would say could entail more work than doing the work around) or don't use those affected sites.

Whoever's responsible, I'm sure the "fix" isn't going to happen overnight so we all have to make the best of it, some like myself appear to be getting away lightly but for others it's going to mean a little inconvenience. Entering a password for one or two affected sites by hand from my perspective doesn't appear too big a deal to avoid being locked out.

Ultimately you have to decide on what's best for you though.

Regarding text files and security, if the passwords are really so long that it would be impossible to enter by hand you can still employ a copy/paste technique by creating a Secure Note in Keychain Access. This Note can contain all the long passwords for the troublesome sites and when required you just unlock the note with your computer login password to copy/paste, once done close the note and it's secured again.