Question:

Question: Disable 10.14.4 Safari auto-submit of login forms

One of the new "features" in the latest Safari update is that it auto-submits login forms after populating your passwords for you. While good in theory, it's a disaster for me. I use a few sites that have Captchas on them and when i click on my username, the password populates and Safari submits the form before I have completed the captcha causing a login failure.


Is there a way to disable this feature? I have dug through the settings and can't seem to find the option. I've already been locked out of one account and I'm scared to login to my school website for fear of getting locked out of that too!


Thanks

MacBook Pro 15", macOS 10.14

Posted on

Reply
Question marked as Solved
Answer:
Answer:

The original question is: "Is there a way to disable this feature?"


The answer is: "No."


Answers like "Entering a password for one or two affected sites by hand from my perspective doesn't appear too big a deal" are condescending at best, and should be avoided.

Posted on

Question marked as Helpful

Apr 1, 2019 7:54 AM in response to jasonlot In response to jasonlot

Yep, seeing the same thing. Seems like Apple doesn't QA their own software during actual day to day use. Not sure why they changed the way it worked in the first place. I don't need it to "auto press enter". I liked how it was before in that I can choose the username/password to enter into each respective field and then I'LL press enter when I'm ready.

Question marked as Helpful

Apr 1, 2019 8:00 AM in response to SiHancox In response to SiHancox

No, it's 100% Apple. This is the specific part that's causing our issues from the 10.14.4 update:


• Streamlines website login when filling credentials with Password AutoFill.


They didn't account for sites that require captcha. What's worse is that the end user experience is worse off as it's now requiring TouchID or a password be used when filling in Safari credentials, when that wasn't the case for 10.14.3. I get the security angle of it, but common sense tells you that whoever is using the computer already has access! They need to at the very least allow us to revert back to the 10.14.3 method of Safari authentication.

There’s more to the conversation

Read all replies

Apr 1, 2019 1:16 AM in response to whiteatom In response to whiteatom

I'm not sure if the issue is to do with the latest 10.4.4 upgrade or something specific (ie. gone wrong) on your computer or how some websites are implementing password entry.


All I can suggest at the moment if its the former is to remove the password that's saved for the troublesome site(s) by going to Safari Preferences Password tab, enter your login password then search for the site, select and then click "Remove". That way it can't autofill which might give you time to do the other entries (but make a note of the details first and keep safe).


Unfortunately you can't disable Autofill per site, only globally by unticking the box in the top left which if the majority of sites are fine can be a bit of a pain, filling one or two sites in by hand is one thing, having to do it for all might not be such a good idea.


I believe the issue may be a combination of Apple changing something in the last update coupled with how web sites implement password entry, the reason I say that is when visiting an Apple site I get a box for ID which I can click on a suggestion to fill, then a second dropdown box appears which I again get offered a suggestion to fill password, only then will the site open.


Another site does roughly the same but after the ID entry part it goes to another page for the password entry, but still with the suggestions popping up as before.


A third site I tried was similar to Apple's but once the suggested ID was entered in auto filled password and jumped straight to the page, strangely this one prompted me to "save new info", on further investigation the password had been change to a very long string of characters which it was trying to re-save, this had to be declined for obvious reasons.


So, until either Apple gets around to sorting this or the "troublesome" websites update their login pages I don't see what else you/or I can do.


Hope some of this helps.

Apr 1, 2019 1:16 AM

Reply Helpful

Apr 1, 2019 7:41 AM in response to SiHancox In response to SiHancox

This is 100% a new bug/feature in 10.4.4. It's not an issue with how websites implemented password entries. It's an issue with how Safari now implements auto filling passwords on sites. This is not a site issue. It's an Apple Safari issue.

Apr 1, 2019 7:41 AM

Reply Helpful (3)
Question marked as Helpful

Apr 1, 2019 7:54 AM in response to jasonlot In response to jasonlot

Yep, seeing the same thing. Seems like Apple doesn't QA their own software during actual day to day use. Not sure why they changed the way it worked in the first place. I don't need it to "auto press enter". I liked how it was before in that I can choose the username/password to enter into each respective field and then I'LL press enter when I'm ready.

Apr 1, 2019 7:54 AM

Reply Helpful (3)

Apr 1, 2019 7:56 AM in response to jasonlot In response to jasonlot

I don't employ any other browsers so can't test your theory that it's Apple's fault, but when signing on to different sites (tried 3 I use on a regular basis) the login process was definitely handled differently for each, and to me that's not entirely to do with Apple but also how the websites have been designed.


Maybe other browsers are more tolerant of these differences and if so then yes, Apple could do better.


But whoever is responsible and until it gets fixed the only work around I see is for whiteatom to not use autofill on troublesome sites or switch to a third party browser.

Apr 1, 2019 7:56 AM

Reply Helpful
Question marked as Helpful

Apr 1, 2019 8:00 AM in response to SiHancox In response to SiHancox

No, it's 100% Apple. This is the specific part that's causing our issues from the 10.14.4 update:


• Streamlines website login when filling credentials with Password AutoFill.


They didn't account for sites that require captcha. What's worse is that the end user experience is worse off as it's now requiring TouchID or a password be used when filling in Safari credentials, when that wasn't the case for 10.14.3. I get the security angle of it, but common sense tells you that whoever is using the computer already has access! They need to at the very least allow us to revert back to the 10.14.3 method of Safari authentication.

Apr 1, 2019 8:00 AM

Reply Helpful (2)

Apr 1, 2019 8:09 AM in response to Shareef Yousef In response to Shareef Yousef

I'm not sure but this issue could be affecting people differently depending on the sites they visit, out of all the sites I've checked so far only one is demonstrating this "auto enter" behaviour, for every other site I have to trackpad click on ID and Password stages.


ps. Sorry did not see your last post in time, but one of the 15 sites I checked used Captcha and again my autofill paused after ID entry, then filled Password after captcha was successfully completed.

Apr 1, 2019 8:09 AM

Reply Helpful

Apr 1, 2019 8:32 AM in response to SiHancox In response to SiHancox

Thanks, but I think you missed the point of my question. I don't want to disable the auto-fill.. its the auto-submit that was added as a feature in the latest version of Safari that I want to disable. Nothing is wrong with my Mac - the work flow is just not compatible with some websites I use regularly.

Apr 1, 2019 8:32 AM

Reply Helpful (3)

Apr 1, 2019 8:35 AM in response to whiteatom In response to whiteatom

I get your point. I want the same thing. I want to be able to click a credential to use from the drop-down (without having to use touchID), and NOT have it auto enter. Essentially, just go back to the way it was in 10.14.3.

Apr 1, 2019 8:35 AM

Reply Helpful

Apr 1, 2019 9:47 AM in response to whiteatom In response to whiteatom

I didn't advocate turning off "Autofill" system wide, if you look at my post again (second paragraph) I suggested until the issue gets resolved you just don't use that method on the site that's having the problem by not having the information saved in Safari/Keychains, in other words delete login and password for that site only.


Doing that retains autofill for all other sites that don't have this issue, but when it comes to logging in to the ones that do you will not get "auto entered" until you are ready and completed entering the password by hand.


It's not intended as a solution but a work around until this gets fixed, but depending on whoever is at fault (ie. Website or Apple) that might not be very quick and because this issue was locking you out of important sites I assumed preventing that happen again would be your priority.


Your other option is of course to try another browser, but I'm not sure on how much work that will entail moving over all of your passwords hence my original suggestion to just enter by hand for the odd site.


Not sure what else to say, I personally don't believe this is just Apple's fault largely due to the fact it's not happening on my system for the majority of sites, but that doesn't help you or the others that are experiencing this problem, lets just hope it gets resolved quickly.

Apr 1, 2019 9:47 AM

Reply Helpful

Apr 1, 2019 10:19 AM in response to SiHancox In response to SiHancox

The problem is that I use complex passwords that safari generates for me - so I don't know them. If I delete them from the Safari passwords they are gone! I know I can copy them out to a text file, but that totally defeats the security they are trying to create.


It's 100% Apple's fault - a feature that tests well in a lab, but fails on some sites - just so happens to be some I use. This is a new "feature" that's not completely compatible with the work flow they intend me to use, so they should make it a disable-able option - that's all. A little check box on the bottom of the passwords screen would solve this.


If you look into the issue, you quickly get taken to long threads about 1Password when they added the same feature. They ended up taking it out because if the website wasn't coded according to standard, the autofill could put the password in a plain text field and when its submitted, it could get stored in a database or log file.


I'm not against the feature - it seems like a slight increase in efficiency, but there are always going to be situations where it doesn't work as intended, so give me the option to turn it off.

Apr 1, 2019 10:19 AM

Reply Helpful

Apr 1, 2019 11:19 AM in response to whiteatom In response to whiteatom

I don't necessarily disagree with your comments, but your original question was can this "auto entry" behaviour be disabled because you are afraid to use certain sites (or words to that effect).


The simple answer at the moment is no, it can't be disabled, so you are left with limited options, a work around as I've suggested, try another browser (I would say could entail more work than doing the work around) or don't use those affected sites.


Whoever's responsible, I'm sure the "fix" isn't going to happen overnight so we all have to make the best of it, some like myself appear to be getting away lightly but for others it's going to mean a little inconvenience. Entering a password for one or two affected sites by hand from my perspective doesn't appear too big a deal to avoid being locked out.


Ultimately you have to decide on what's best for you though.


Regarding text files and security, if the passwords are really so long that it would be impossible to enter by hand you can still employ a copy/paste technique by creating a Secure Note in Keychain Access. This Note can contain all the long passwords for the troublesome sites and when required you just unlock the note with your computer login password to copy/paste, once done close the note and it's secured again.

Apr 1, 2019 11:19 AM

Reply Helpful
Question marked as Solved

Apr 1, 2019 11:32 AM in response to SiHancox In response to SiHancox

The original question is: "Is there a way to disable this feature?"


The answer is: "No."


Answers like "Entering a password for one or two affected sites by hand from my perspective doesn't appear too big a deal" are condescending at best, and should be avoided.

Apr 1, 2019 11:32 AM

Reply Helpful

Apr 1, 2019 11:45 AM in response to jasonlot In response to jasonlot

I think you/we have to accept the facts, there’s a current problem with entering passwords for certain sites, all the moaning and finger pointing will not alter that. The original post was what can be done to avoid having this issue lock the sites, I’ve given my thoughts and a possible work around, may be you can offer an alternative, if not it’s not worth continuing this discussion.

Apr 1, 2019 11:45 AM

Reply Helpful
User profile for user: whiteatom

Question: Disable 10.14.4 Safari auto-submit of login forms