Jump to content

Why not to use autocomplete


Recommended Posts

Today at Pubcon Matt Cutts of Google once again promoted the use of autocomplete-type, a new property for web forms that works in Chrome (and possibly other browsers, I haven’t checked). Google first introduced it back in January 2012 in this post. I wanted to do this quick post to tell you to turn off autocomplete in your browser.


This test URL will show you why quicker than I can explain it in words. Please try it and come back. If you’re using autocomplete to, for instance, sign up for an email newsletter, you might have just provided that website with your full address and/or (even worse) your credit card details too. It’s as simple as adding the fields to the form and hiding them from the user…


So: turn off autocomplete until your browser has better controls on what gets autofilled.


How to turn off autocomplete in Chrome


In Chrome, go to your Settings, click Advanced, then make sure the top box here (that is checked in the screenshot) is NOT checked:


Source: yoast

View the full article

Link to comment
Share on other sites

  • 2 weeks later...

Loads of web forms have hidden fields, although they are not usually maliciously designed to capture sensitive personal details, credit card details etc.


There's an update to the original article, clarifying that the function is requestAutocomplete(), presumably called in JavaScript, althought an original blog post (by Alex MacCaw) referred to by the updated original article (by Joost de Valk) has a rather alarming example of the form being completely hidden. :shocking:


Thankyou, but NO thankyou. I'm going to continue to make sure I have Autocomplete turned off, as always.





Link to comment
Share on other sites

I don't use Chrome, not trusting Google that much. I do use autocomplete in Firefox, but I also use the NoScript extension, which does a good job of blocking those hidden elements. When I autofill my name on that test page, it gets nothing but my name.


I would never use autofill for credit card numbers, though. You'd have to be an idiot...

Link to comment
Share on other sites

  • Administrator

I don't use Chrome, not trusting Google that much.

This. After that big EULA scare and Google "saying" it was a mistake when Chrome came out... I just do not buy it. A company of that size with all the resources that they have at their disposal, they copy an EULA from another product in? I don't buy it.


Autocomplete is something I always have, and always will disable. I complete agree that entering sensitive information into fields and allowing autocomplete to fill it is just stupid.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...