On Fri, 08 Apr 2016 19:15:54 +0200, Joseph Scheuhammer
<cl...@alum.mit.edu> wrote:
On 2016-04-08 12:22 PM, Richard Schwerdtfeger wrote:
Companies do not use standard HTML markup when they feel it does not
meet their needs.
Sure. The question is whether the needs that they perceive match those
that should be met, or are in fact destructive.
If the needs they perceive lead them in the direction of doing something
destructive, e.g. breaking accessibility, then we should try to find a
solution that enables them to achieve their goals, but enhances
accessibility - and is an easier way to do what they are trying to do.
Hence my earlier question about the use cases. What are the needs that
people think justify not using a "real" password field?
Prior to the introduction of the password <input> type, there were
password forms on the web, presumably based on type="text". I assume
companies did something to address security issues, such as using script
to obscure the password text, and using https to transmit it. I don't
know if one could hook into a password manager back then, but I wouldn't
be surprised if efforts were made to do so.
The input element had password types from the beginning. People generally
used server-side authentication in the olden days, based on standards that
didn't allow customisation. Client-side technology wasn't really up to
tricks like obscuring input via isindex until forms were reasonably common.
Prior to, and long after, the introduction of the password input, major
companies transmitted passwords in the clear - some multinational
household names *still* do so today, exposing users to significant risk of
theft, at least.
cheers
Chaals
--
Charles McCathie Nevile - web standards - CTO Office, Yandex
cha...@yandex-team.ru - - - Find more at http://yandex.com
