This Backdrop module clears common password form fields.
The Open Web Application Security Project has multiple documents which recommend disabling automatic password capture. In their response to Draft NIST SP 800-118, they recommend setting the
autocomplete attribute for form fields to
For a web application, the 'autocomplete' attribute should be implemented
with the value 'off' in rendered HTML form fields, or whole HTML forms,
where sensitive data such as passwords are entered...
This module sets the
autocomplete attribute to
off for the login, user profile, and registration forms. It also uses jQuery to clear password fields where passwords are already saved. This module does not erase the password from client browsers' configuration - it just clears the field to improve security.
- Originally written for Drupal by Victor Kareh (https://github.com/vkareh)
- Ported to Backdrop by David Norman (https://github.com/deekayen)
This project is GPL v2 software. See the LICENSE.txt file in this directory for complete text.