0

We have an existing web site and we are changing the type of information that's required to log in. We are finding that users' password managers are still submitting the old information, causing the users' new login credentials to be rejected. The password manager is even passing fields that we no longer have in the page to our authentication code.

We have removed an input field, changed the form name and changed the names of the remaining input fields. We have had the users clear the browser cache, to no avail. When the users manually delete the information in the password manager, they can log in.

What else do we need to do so that the password manager does not fill in the old data for other users?

elmonty
  • 2,395
  • 3
  • 20
  • 28
  • did you try adding `autocomplete="off"` to the input fields/form? – Hybrid Mar 28 '19 at 20:54
  • 1
    Also, it looks like this has been discussed here: https://stackoverflow.com/questions/17719174/autocomplete-off-is-not-working-when-the-input-type-is-password-and-make-the - the consensus seems to be that password managers override `autocomplete="off"`, and the temporary solution (which works everywhere except firefox) is to use `autocomplete="new-password"` – Hybrid Mar 28 '19 at 20:56
  • It's not a password field. Will autocomplete="new-password" still work? – elmonty Mar 28 '19 at 21:01
  • If that's the case, then just try `autocomplete="off"`. There is more information in the thread link I provided above – Hybrid Mar 28 '19 at 21:02

0 Answers0