Enable password saving in web forms
2013-05-23 10:27:04 írta
Some people just cannot get it.
I do not get into password security theory right now, it has been well debated to death already. Basically the best way – in my not-so-humble opinion – is to use different, long and random passwords everywhere (at least on the web) and store them in a secure password manager program protected with one very strong, but memorizable master password. (Unfortunately there are lots of programs and web services around offering password management while utilising security in horrible ways, including unsafe or weak encryption, transferring live passwords on the net, sometimes even unencrypted, or storing the cleartext passwords in an olnline database. It is really hard to find one which is secure, cryptographically sound and trusted. And don't get me started with online news articles written by miners and shoemakers playing mad scientist for the masses, telling which program is good and which is not; they can't even spell cryptography, let alone understand what it means. But that's a topic for another day.)
So I advise you to use a secure password storage, with long random passwords, lots of them.
For the web, the easiest way to use a browser with a secure storage. Firefox have one, if you use a strong master password it's quite safe (well, not Fort Knox, but "pretty good").
Sometimes you want to use external password manager, or anything which cannot autofill the form: there you retrieve the long random noise and try to copy it into the password field. Easy, quite secure (as long as you trust your copy buffer, but then again this is a different topic altogether; I do not start to talk you about swap files - security is a bitch).
So, here come the people who cannot get it.
Some people think it is really smart to disable browser password saving. Completely. For everyone. They think it's better to use memorizable "secure" passwords than long random ones. Or maybe they want to laugh at you trying to type them in. So they include shit on their webpage like "autofill=no" attributes. Nasty.
Others think that you should not copy secure passwords, Allah knows what'd on their mind, if they had any. Setting onPaste="return false" and like on web forms. Double nasty.
So here's a script, which is an adoption of someone's script I saved long time ago. I am lazy to look it up, if you're the author you're welcome to tell me and I'll inlcude the credits. The script was updated to handle oncopy and onpaste.
In Firefox at least you create a new bookmark and copy the whole stuff into the URL. Anytime you need to save passwords, click on it, then start filling out.
Enjoy.
javascript:(function(){var%20ca,cea,cs,df,dfe,i,j,x,y;ca=cea=cs=oc=op=0;df=document.forms;for(i=0;i<df.length;++i){x=df[i];dfe=x.elements;if(x.onsubmit){x.onsubmit="";++cs;}if(x.attributes["autocomplete"]){x.attributes["autocomplete"].value="on";++ca;}if(x.onpaste){x.attributes.onpaste.value="";++op;}if(x.attributes["oncopy"]){x.attributes["oncopy"].value="";++oc}for(j=0;j<dfe.length;++j){y=dfe[j];if(y.attributes["autocomplete"]){y.attributes["autocomplete"].value="on";++cea;}if(y.attributes.onpaste){y.attributes.onpaste.value="";++op;}if(y.attributes["oncopy"]){y.attributes["oncopy"].value="";++oc;}}}alert("removed%20autocomplete=off%20from%20"+ca
+"%20and%20from%20"+cea+%20",%20and%20removed%20onsubmit%20from%20"+cs
+%20".%20after%20you%20type%20your%20password%20and%20submit%20the%20form,%20the%20browser%20will%20offer%20to%20remember%20your%20password."
+%20"%20also%20removing%20"+op+"%20onpaste%20and%20"+oc+"%20oncopy.")
})();