Description
A password input field that does not disable autocomplete lets the browser offer to save the entered password and autofill it on later visits. On a shared or public computer, anyone who later uses the same browser profile can then submit the saved credential and log in as the previous user without ever knowing the password.
Recommendation
Add autocomplete="off" to password input fields (it can also be set on the enclosing form element, from which inputs without an autocomplete attribute of their own inherit it). This tells the browser not to offer to save or autofill the value.
Treat this as defence in depth rather than a control that guarantees the credential is never stored: current versions of the major browsers deliberately ignore autocomplete="off" on login password fields so that their built-in password managers keep working (see the MDN reference below). On password-creation and password-change fields, autocomplete="new-password" is the value browsers honour to keep an existing saved password from being filled in.
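The following is an added example, not code from the original page: a small Python checker, using only the standard library, that scans HTML for password inputs whose effective autocomplete value still allows the browser to save and autofill them. The markup strings are constructed samples, not taken from any real site. It goes slightly beyond the recommendation above in one respect: it also accepts autocomplete="new-password" (the MDN-documented value for password-creation fields) as compliant, and it applies the HTML rule that an input with no autocomplete attribute inherits the value set on its form.

```python
"""Audit HTML for password inputs that a browser may save and autofill."""
from html.parser import HTMLParser

# Constructed sample (not from a real site): the finding as it typically appears.
VULNERABLE_FORM = """
<form method="post" action="/login">
  <input type="text" name="username">
  <input type="password" name="password">
  <button type="submit">Sign in</button>
</form>
"""

# Same form with the recommended fix applied. autocomplete="off" on the <form>
# covers any input that carries no attribute of its own; the password field
# sets it explicitly as well.
HARDENED_FORM = """
<form method="post" action="/login" autocomplete="off">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="password" autocomplete="off">
  <button type="submit">Sign in</button>
</form>
"""

# Values that stop the browser from filling a stored password into the field.
# "off" is what the recommendation asks for; "new-password" (password-creation
# fields, per MDN) is accepted here too, an assumption that goes beyond the page.
ACCEPTABLE = {"off", "new-password"}


class PasswordAutocompleteAuditor(HTMLParser):
    """Collects password inputs whose effective autocomplete value is not acceptable."""

    def __init__(self):
        super().__init__()
        self._form_stack = []  # autocomplete value of each enclosing <form>, innermost last
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Attribute names and values are compared case-insensitively; a bare
        # attribute with no value arrives as None and is normalised to "".
        a = {k.lower(): (v or "").strip().lower() for k, v in attrs}
        if tag == "form":
            self._form_stack.append(a.get("autocomplete"))
            return
        if tag != "input" or a.get("type") != "password":
            return
        own = a.get("autocomplete")
        # HTML spec: an input without its own attribute takes its form owner's value.
        inherited = self._form_stack[-1] if self._form_stack else None
        effective = own if own is not None else inherited
        if effective not in ACCEPTABLE:
            self.findings.append({
                "name": a.get("name", ""),
                "line": self.getpos()[0],
                "effective_autocomplete": effective,  # None means browser default (on)
            })

    def handle_endtag(self, tag):
        if tag == "form" and self._form_stack:
            self._form_stack.pop()


def audit_password_autocomplete(html):
    """Return one dict per password input that the browser may save or autofill."""
    auditor = PasswordAutocompleteAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    for label, markup in (("vulnerable", VULNERABLE_FORM), ("hardened", HARDENED_FORM)):
        print(label, audit_password_autocomplete(markup))
```

Run it against a saved copy of a login or registration page; each finding gives the input's name and line number. Bear in mind that a clean result only means the markup asks the browser not to autofill; as noted above, browsers may still save login passwords regardless.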
References
- OWASP Secure Coding Practices Quick Reference Guide
- MDN Web Docs: HTML attribute: autocomplete
- CWE-16: Configuration
- OWASP Top 10 2021: A05:2021 Security Misconfiguration