rccharles

Q: Clarification of turingtest2 on automatic login

is implying that you can be automatically logged in to ASC or at least ASC will remember my password.  How do I do that?

 

"You should find that on subsequent visits your email address and password are entered for you and clicking Sign In will log in without requiring authentication."

 

second page of

Remember user name and stay logged in?

 

I do not use two step login.

 

ASC is wiping out my password on the login window.  Very annoying when I made the decision to have my password saved by my browser.

 

login.png

iPhone 4, iOS 7.1.2

Posted on May 27, 2015 9:03 AM

Close

Q: Clarification of turingtest2 on automatic login

  • All replies
  • Helpful answers

Previous Page 2
  • by turingtest2,

    turingtest2 turingtest2 May 27, 2015 5:21 PM in response to ChitlinsCC
    Level 10 (87,700 points)
    Apple TV
    May 27, 2015 5:21 PM in response to ChitlinsCC

    I think in that context block means the element takes the full width of its parent. See http://learnlayout.com/display.html

     

    As shown here in the image I posted earlier my password is happily cached and filled in for me. At a guess on about 7 or 8 unique browsers running on different devices and operating systems. I get to this screen by clicking the Login link at the top of any ASC page. A shortcut to https://discussions.apple.com/login.jspa rather than some more complicated url would make the process reliable and one click shorter.

     

    Login1.png

     

    Given I have also been able to cache the password of a new non-two-step account I don't think this site is actively preventing passwords from being saved, or interfering with the browser's attempts to make use of a saved password.

     

    tt2

  • by rccharles,

    rccharles rccharles May 27, 2015 5:42 PM in response to turingtest2
    Level 6 (8,516 points)
    Classic Mac OS
    May 27, 2015 5:42 PM in response to turingtest2

    Problem has gone away in Firefox 38.0.1 on Fedora 22.

     

    Robert

  • by turingtest2,

    turingtest2 turingtest2 May 27, 2015 5:45 PM in response to rccharles
    Level 10 (87,700 points)
    Apple TV
    May 27, 2015 5:45 PM in response to rccharles

     

     

    tt2

  • by ChitlinsCC,

    ChitlinsCC ChitlinsCC May 27, 2015 7:30 PM in response to turingtest2
    Level 6 (8,097 points)
    Notebooks
    May 27, 2015 7:30 PM in response to turingtest2

    schooled once again, amigo

    ...interfering with the browser's attempts to make use of a saved password.

    In an effort to find the method, I stumbled across the obvious = autocomplete="off" type="password" ...

     

    by dragging from "Sign In" to the Blue Button > View Selection Source, I found the AREA and that particular code

    Picture 4.png

    THEN, Viewed the WHOLE Page Source for context page wide, one finds (oddly a different order in the two)

    Picture 2.png

    Banks are notorious... now here

     

    buenos noches (in case you get this your AM, buenos dias!)

    ÇÇÇ

  • by rccharles,

    rccharles rccharles May 27, 2015 8:14 PM in response to ChitlinsCC
    Level 6 (8,516 points)
    Classic Mac OS
    May 27, 2015 8:14 PM in response to ChitlinsCC

    I'm not able to follow you ChitlinsCC.  Seems the autocomplete isn't involved in the problem.  Login is working for me with the upgrade to Firefox 38.0.1.  I suggest you try the latest version of TenFourFox.  Should have the fix.

     

    Autocomplete:

    "Autocomplete allows the browser to predict the value. When a user starts to type in a field, the browser should display options to fill in the field, based on earlier typed values."  Not something you want with a password.

    http://www.w3schools.com/tags/att_input_autocomplete.asp

     

    ( fyi: I think my reference is better .  Too much mental processing at this time to sort out the Computer Science write-up. )

     

    Robert

    PS.  There could have been some bug associate with autocomplete for all I know.

  • by ChitlinsCC,

    ChitlinsCC ChitlinsCC May 27, 2015 9:35 PM in response to rccharles
    Level 6 (8,097 points)
    Notebooks
    May 27, 2015 9:35 PM in response to rccharles

    AUTOCOMPLETE to a GECKO browser is not a guessing game but a named function referring to stuff it saves in the distinct Managers

    • FORM field values
      • name
      • address
      • city
      • state
      • etc
    • CREDENTIAL field values
      • User ID
      • password

     

    according to this > https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning _off_form_autocompletion - websites' ability to defeat Firefox ignoring that command was dealt with in FF 30.x - I am running TFF 31.7 since early May - TFF 31.6 since early March.

     

    • The autocomplete="off" code is clearly there in ASC login page source
    • My bank also does it
    • BOTH continue to succeed in preventing the Password Manager from populating the password field
    • BOTH are able to be worked around with the TAB method - proving that Password Manager is not faulty and CAN populate the field when forced

     

    All that said, my poor Pismo/Tiger will not catch up to FF 38.x for quite a while!! I wonder if there is further code besides autocomplete="off" elsewhere in the source? hard to FIND when you don't what your looking for...

     

    RE: the PS... there WAS a bug fixed - see the 'announcement' banner at the top of the linked page

     

    WELL Well... whaddya know - search "password" long enough in the page source and voila!

    Picture 1.png

     

    MAYBE?

     

    and with that, good nite, see ya mañana

    ÇÇÇ

  • by turingtest2,

    turingtest2 turingtest2 May 28, 2015 2:33 AM in response to ChitlinsCC
    Level 10 (87,700 points)
    Apple TV
    May 28, 2015 2:33 AM in response to ChitlinsCC

    My guess is that autocomplete='off" is an instruction to the browser not to cache the content of the field in the low security auto complete mechanism. Declaring the field type as password ensures that characters typed into the field are displayed as asterisks, and flagged up for the password management system.

     

    tt2

  • by ChitlinsCC,

    ChitlinsCC ChitlinsCC May 28, 2015 7:28 AM in response to turingtest2
    Level 6 (8,097 points)
    Notebooks
    May 28, 2015 7:28 AM in response to turingtest2

    tt2 sed:

    ...characters typed into the field are displayed as asterisks,...

    This is called "Password Masking" - no relation to autocomplete -- from http://www.w3.org/2001/tag/doc/passwordsInTheClear-52

    3 Passwords displayed in Browser

    HTML allows authors to create input forms. If a form field is a password, password masking SHOULD take place to protect the user from onlookers seeing what is being entered and stop anyone from later using the 'back' button to discover passwords.

     

    Extrecting the pertinent autocomplete attribute  from the long w3.org page cited above.in a previous post.. see " Banks frequently do not want UAs to prefill login information: " below

     

    4.10.7.2.1 The autocomplete attribute

    User agents sometimes have features for helping users fill forms in, for example prefilling the user's address based on earlier user input.

    The autocomplete attribute is an enumerated attribute. The attribute has three states. The on keyword maps to the on state, and the off keyword maps to the off state. The attribute may also be omitted. The missing value default is the default state.

    The off state indicates either that the control's input data is particularly sensitive (for example the activation code for a nuclear weapon); or that it is a value that will never be reused (for example a one-time-key for a bank login) and the user will therefore have to explicitly enter the data each time, instead of being able to rely on the UA to prefill the value for him; or that the document provides its own autocomplete mechanism and does not want the user agent to provide autocompletion values.

    Conversely, the on state indicates that the value is not particularly sensitive and the user can expect to be able to rely on his user agent to remember values he has entered for that control.

    The default state indicates that the user agent is to use the autocomplete attribute on the element's form owner instead. (By default, the autocomplete attribute of form elements is in the on state.)

    Each input element has a resulting autocompletion state, which is either on or off.

    When an input element is in one of the following conditions, the input element's resulting autocompletion state is on; otherwise, the input element's resulting autocompletion state is off:

    When an input element's resulting autocompletion state is on, the user agent may store the value entered by the user so that if the user returns to the page, the UA can prefill the form. Otherwise, the user agent should not remember the control's value, and should not offer past values to the user.

    In addition, if the resulting autocompletion state is off, values are reset when traversing the history.

    The autocompletion mechanism must be implemented by the user agent acting as if the user had modified the element's value, and must be done at a time where the element is mutable (e.g. just after the element has been inserted into the document, or when the user agent stops parsing).

    Banks frequently do not want UAs to prefill login information:

    <p><label>Account: <input type="text" name="ac" autocomplete="off"></label></p> 
    <p><label>PIN: <input type="password" name="pin" autocomplete="off"></label></p>

    A user agent may allow the user to override the resulting autocompletion state and set it to always on, always allowing values to be remembered and prefilled), or always off, never remembering values. However, the ability to override the resulting autocompletion state to on should not be trivially accessible, as there are significant security implications for the user if all values are always remembered, regardless of the site's preferences.

    MY Bank > https://chaseonline.chase.com/Logon.aspx - as I have said before, does this too - AND can be "worked around" using the TAB method described...

    Picture 2.png

    ========

    Picture 1.png

    ========

    Isn't " Cache " different than " Remember " in the Password Manager? My understanding is cache is like a local copy of recently visit pages, first in - first out if one reaches the Default of user set limit to the storage allotted.

     

    Another function that we may be confusing with this is the browser "automatically remembering" a string previously entered into a field and "GUESSING" that you want to type it again - like the URL location bar for instance (sorry, I don't recall the term)

    Picture 3.png

     

    Methinks we are at the end of this academic discussion, as it IS Somehow implemented and we must deal with it how we see fit, ActionFlow driven - TABbing or keying the string

     

    We have had enough rain here, thanks. You Brits can have it back! (once spent 2 weeks in December in the UK = misery)

    ÇÇÇ

Previous Page 2