I think that the “show password” checkbox on login forms is useful (LukeW has recently written about it here) and I’d like to see it on the Web. Luke points out that this feature is a security issue in the presence of the browsers’ autofill mechanism (when the user chooses “remember password” and later has the password field autofilled by the browser).
How can we circumvent this issue?
- Should browsers just refuse to reveal an autofilled password on the page (even when input type is switched to
- How can web apps detect autofill (needed for conditionally enabling the “show password” checkbox)?
- How much of this should be standardized?
Btw, I’ve noticed an IMO ideal implementation of this functionality in ESET’s security software. See a video demo here.