Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-71176

New password and change forms should have autocomplete="new-password"

XMLWordPrintable

    • MOODLE_400_STABLE
    • MDL-71176-master_password_autocomplete
    • Hide

      Setup requirements:

      1. Site level setup:
        1. Login to the moodle site as a siteadministrator
        2. Navigate to Site administration > Plugins > Authentication > Manage authentication
        3. Ensure Email-based self-registration is enabled in the Available authentication plugin area, if not, click the eye icon next to it to enable the plugin
        4. On the same page, scroll down to the Common Settings and set 'Self Registration' to 'Email-based self-registration'
        5. On the same page, scroll down and save changes using the Save changes button.
      2. User level setup: (This instruction is created using Firefox v89.0.1)
        1. Go to the login page (login/index.php) and select 'Create new account' and confirm the page is now (/login/signup.php)
        2. Fill up all the information in the form and create a new account by selecting "Create my new account" button.
        3. At this point, the browser will prompt as "Save login for site:http://urlofhesite"
          Save the password by selecting "Save"
        4. Navigate to the login page (login/index.php)
        5. Confirm the browser either auto-filled the password (if only one saved password saved for this site) or giving an option to select the account to populate password
      3. Test scenario for signup form:
        1. Go to the login page (login/index.php) and select 'Create new account' and confirm the page is now (/login/signup.php)
        2. Confirm any existing username and password should not be auto populated from the browser or any other password manager
      4. Test scenario for change password form:
        1. Login to your moodle site as a any user having manual authentication
        2. On the top right from the user dropdown, select Preferences
        3. From the User account section, select change password
        4. Confirm the "New password" and "New password (again)" should not populate any saved password from the browser or any other password manager

       

      Show
      Setup requirements: Site level setup: Login to the moodle site as a siteadministrator Navigate to Site administration > Plugins > Authentication > Manage authentication Ensure Email-based self-registration is enabled in the Available authentication plugin area, if not, click the eye icon next to it to enable the plugin On the same page, scroll down to the Common Settings and set 'Self Registration' to 'Email-based self-registration' On the same page, scroll down and save changes using the Save changes button. User level setup: (This instruction is created using Firefox v89.0.1) Go to the login page (login/index.php) and select 'Create new account' and confirm the page is now (/login/signup.php) Fill up all the information in the form and create a new account by selecting "Create my new account" button. At this point, the browser will prompt as "Save login for site: http://urlofhesite " Save the password by selecting "Save" Navigate to the login page (login/index.php) Confirm the browser either auto-filled the password (if only one saved password saved for this site) or giving an option to select the account to populate password Test scenario for signup form: Go to the login page (login/index.php) and select 'Create new account' and confirm the page is now (/login/signup.php) Confirm any existing username and password should not be auto populated from the browser or any other password manager Test scenario for change password form: Login to your moodle site as a any user having manual authentication On the top right from the user dropdown, select Preferences From the User account section, select change password Confirm the "New password" and "New password (again)" should not populate any saved password from the browser or any other password manager  

      What it says on the tin. Best practice is to give the correct html5 markup so that password managers can aid in creating good secure passwords and not get confused with other auto complete types.

      /login/change_password.php

       /login/signup.php?

      https://web.dev/sign-in-form-best-practices/#new-password

       

            safatshahin Safat Shahin
            brendanheywood Brendan Heywood
            Kevin Pham Kevin Pham
            Andrew Lyons Andrew Lyons
            Anna Carissa Sadia Anna Carissa Sadia
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour, 10 minutes
                1h 10m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.