I may be off base but if the password is requested by an HTML form and you can modify it, then modify it to something like:
<INPUT TYPE="password" AUTOCOMPLETE="off"> Someone could use a browser were the AUTOCOMPLETE attribute is disabled but standard browsers appear to support this, at least when I worked this issue a couple of years ago for a bank. WARNING: Any time you send information or a command to a browser, you must assume that the information can be modified or ignored. Therefore, having a corporate policy is also an important step. The above attribute method just pushes people in the right direction. It does not guarantee their behavior. Mark On Fri, 20 Dec 2002 02:46:02 +0800 Michael Boman <[EMAIL PROTECTED]> wrote: > On Wed, Dec 18, 2002 at 12:28:50PM -0800, David > Brown wrote: > > My company is working on a webmail > implementation, which requires that > > the user authenticate to an NT domain. > Regardless of the authentication > > method, there is always an option in the > login dialog to 'Save this > > password in your password list', which seems > to be browser driven. > > I don't want my user population saving their > passwords to various > > computers all over the world. Does anyone > have a clue how to remove or > > disable this option? > > No, you can usually not control the client > browser. Put a policy in > place instead that forbids people to save it in > the browser and gives > the managment power to inforce disiplenary > actions if they break it > (not all security problems can be removed with > technology). > > Best regards > Michael Boman > > -- > Michael Boman > Security Architect, SecureCiRT (A SBU of > Z-Vance Pte Ltd) > http://www.securecirt.com >
