1. 7

Firefox 38:

autocomplete=off is no longer supported for username/password fields


  2. 5

    What I find interesting is that it appears that browser vendors are finally standing up to the users, instead of merely catering down to the banks.

    The banks have surprisingly found new ways to defeat autocomplete ignores, using fancy JavaScript to ensure that no passwords could be saved, and that web-site phishing attacks are much easier to make (I know, right?).

    I wonder — do they actually have studies that say that phishing is less dangerous than data breaches, or why do they keep doing this?

    1. 4

      why do they keep doing this?

      Regulations - or, at least, FUD surrounding them.

      Some PCI auditors will ding you for not disabling autocomplete on your forms. And even if that’s not spelled out in PCI DSS, or they don’t do that anymore, whatever, the tribal belief is that they will, so good luck convincing your security group otherwise.