Sunday, 11 July 2010

Tuesday Top Tip - Autocomplete

The following screenshot is from a Credit Card payment page which I regularly use.


I use Firefox mostly. When I double-click on the CVV2 field, the value that I used the previous time appears. The same applies to all the other Credit Card fields (number, name, address, etc). While this is great from a usability perspective, it's bad from a security point-of-view. A casual user in an Internet cafe scenario could easily get a list of valid credit cards by just double clicking on these fields. The Expiration Date is the only field which is not prefilled.

To prevent this from happening on your website, make sure to set the AUTOCOMPLETE field to OFF. You can do this at the HTML field or form level:
  • <INPUT NAME="name" AUTOCOMPLETE=OFF >

That's Tuesday's Top Tip #1

Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot

3 comments:

  1. Truly delighted with the reliability of guiformat for formatting large-capacity drives. The software is straightforward, user-friendly, and effective. I appreciate how smoothly everything worked and how it simplified a task that seemed complicated before.

    ReplyDelete
  2. Completely satisfied with the outstanding experience using creaminstaller for various tasks. The platform combines simplicity with effectiveness, ensuring a seamless workflow. Its reliable performance and user-friendly design make it a highly valuable resource.

    ReplyDelete
  3. Unexpectedly amazed by the smooth experience offered by byebyedpi and its practical features. The application is lightweight yet powerful, delivering dependable results. Its intuitive interface and excellent performance make it a valuable utility for many users.

    ReplyDelete