Security issue of changing type="password" into type="text"
In the html of client side. If we change the type="password" into type="text", the password is displayed as plain text in browser. Is there any security issue about this? If it is, what is the solution to this issue?
Example as follows:
type="password"
type="text"
There are two rather different security issues involved.
One of them is the one so often mentioned as a reason for using input type=password: to protect the user against prying eyes. This is seldom relevant, since passwords are normally typed (and should be typed) so that there is nobody else looking at your screen or your hands.
The other one is different treatment of input type=text and input type=password by browsers in their histories and in using previously entered data as defaults or as selectable options. This varies by browser, but quite often, input type=text causes an automatic prefill if data has previously been entered in a field with the same name. Using the autocomplete=off attribute usually prevents this in modern browsers. On the other hand, browsers may store username/password pairs to make frequent visits to a site more comfortable; this can be an essential usability improvement and an essential security threat. It is typically based on recognizing a pair of input type=text and input type=password.
You could leave the decision to the user by offering both options. Perhaps the least distract way to do that is to have an input type=password with a checkbox “Show password when typed”, JavaScript-driven of course, which when checked turns type=password to type=text.
There is no difference between input type=text and input type=password.
in handling the data, once it has been read. In both cases, the data will be sent to the server as unencrypted, unless the entire form data is encrypted.
- I am a beginner and I just started to learn java servlets and jsp. Can someone help me find the error in this code?
- How to prevent text moving when transitioning sibling element's width
- Printing a HTML template as PDF - Angular 2
- MJML : Outlook 1px horizontal when using direction rtl on mj-section
- HTML dialog focusing button element when opened
- Dynamic html and js
- Input regex for UK postcodes constantly invalid
- Put a star notation in a HTML page
- Can I have an onclick effect in CSS?
- Tailwind CSS height screen in mobile browser
- How do I tell if an HTML element has gone off the bottom of a page?
- Why select is not a input type in HTML?
- Margin different in Windows (Chome, Edge, etc.) and Mac OS (Safari)
- Print only html table using javascript
- How do I use the reverse border radius at the top of a card? (CSS)
- Allow only numbers into a input text box
- Stacked Bootstrap progress to show multiple ranges with tooltip
- Anchor link only works by "Open link in new tab" command
- How to block +,-,e in input type Number?
- Printing a webpages raw html data unformatted with tags and similar information
- Creating an end screen for my game using javascript, css, and html
- How do I include a HTML file in a Jinja2 template?
- CSS table layout: why does table-row not accept a margin?
- Add fontawesome to shadowroot of webcomponent
- Darkening an image when clicked is requiring an initial click on that image, and I don't know why
- Adding margins between Bootstrap columns
- css border: 1px appear as 0.667px or 1px depending on the computer / display resolution (?)
- Button to download file and redirect to new page
- How to insert row with attributes using table.insertRow?
- Pass objects/vars between Page_PreInit and Page_Load