Implemented Change Admin CP "password" input to not remember passwords

[Kent]

Remembering passwords in the admin control panel causes them to be stored in plaintext on the computer.

HTML5 has a new attribute for the input element called autocomplete, which tells the browser not to remember the entered value, and not to bring up previously remembered values, though it won't forget those.

Support for this may not be relied on, so a Javascript solution could be used to prevent the password form being stored in plaintext by the browser.

The field could also be changed to a password type with a confirmation, which is less convenient.

The Admin CP password could have a checkbox that enforces the change to be temporary, so when a user logs in they are required to change the password. Maybe this belongs in another suggestion...

 

[Jeremy P]

Honestly the fact that websites can decide what passwords my browser can and can not remember frustrates me to no end. If storage is in plaintext or otherwise insecure, complain to the people who make the browser. If you are concerned that your administrators aren't wise enough to decide when and when not to save passwords, educate them. If you still can not trust them, why are they administrators?

 

[Kent]

Honestly the fact that websites can decide what passwords my browser can and can not remember frustrates me to no end. If storage is in plaintext or otherwise insecure, complain to the people who make the browser. If you are concerned that your administrators aren't wise enough to decide when and when not to save passwords, educate them. If you still can not trust them, why are they administrators?

I'm talking about the HTML input when changing a user's password on the admin control panel, not the remember password feature many browsers have. Sorry about the confusion there.