Chrome is autofilling fields in IdP forms

Follow

Version Affected:  All

Description:  

Chrome is autofilling fields in IdP, often this manifests as the users password showing in a Knowledge Based Answer field, e.g.:

mceclip0.png

 

Cause:  

Chrome version 76 and higher do not properly supporting turning off autocomplete without keeping Autofill on.

Chrome developers made a deliberate decision that the Autofill feature, which is separate from AutoComplete, will override autocomplete="off"

https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion

https://bugs.chromium.org/p/chromium/issues/detail?id=468153

 

SecureAuth has previously supplied a modified theme that turns off autocomplete for all input fields. But Chrome's Autofill feature is overriding that.

Chrome is only allowing a way to turn off one or the other, Autofill or AutoComplete. There is currently no way to turn off both. 

 

Resolution:  

None

Use one of the following workarounds:

1. Use Incognito mode

2. Use an alternative browser like Edge, IE or Firefox.

 

 

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.