Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Applications > Forcing Safari to save passwords?

Forcing Safari to save passwords?
Thread Tools
Grizzled Veteran
Join Date: Jun 2002
Status: Offline
Reply With Quote
Jan 2, 2005, 02:39 PM
 
Hi guys,

I use Safari with my internet banking site, and as usual, the username they gave me is pretty cryptic, meaning I have to read it to type it. For security reasons I guess Safari does not save its password like every other site, I'm wondering if there is a way to force it to save? Firefox does have an extension to force save passwords, but I'd really like to use Safari.

Thanks
Oliver
     
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Jan 2, 2005, 02:57 PM
 
Your bank disallows this for good reasons. Safari obeys this for good reasons. If Safari wouldn't banks would block it.

If your username is too cryptic, save it a s a secure not into a keychain. I suggest you use another keychain not your usual log-in keychain and use a different password for this keychain. Keep it locked.

I have a "Notes" keychain for similar purposes.
     
Clinically Insane
Join Date: Nov 1999
Status: Offline
Reply With Quote
Jan 2, 2005, 04:02 PM
 
There are two ways that browsers save passwords: as ordinary cookies (for sites coded to use them), or in a special password database. In order to use the password database, however, the browser has to be able to figure out if a given form is a username/password combination. The password part is easy to figure out, but not always the usernames.

The point behind this is that if sites can code themselves so that browsers know about a user/pass combination, they can also code themselves so that browsers don't know about the combination, and therefore don't save it. Banking sites do this for good reasons. Store your password in a more secure manner.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Addicted to MacNN
Join Date: Aug 2004
Location: FFM
Status: Offline
Reply With Quote
Jan 2, 2005, 04:13 PM
 
Originally posted by Millennium:
The point behind this is that if sites can code themselves so that browsers know about a user/pass combination, they can also code themselves so that browsers don't know about the combination, and therefore don't save it.
It's not that banks code the page so that the browser can't figure out the user/password fields, the banks explicitly turn off saving those form values with autocomplete="off". Browsers need to respect this if they don't want to be blocked by banks.
     
Clinically Insane
Join Date: Nov 1999
Status: Offline
Reply With Quote
Jan 2, 2005, 11:40 PM
 
Originally posted by TETENAL:
It's not that banks code the page so that the browser can't figure out the user/password fields, the banks explicitly turn off saving those form values with autocomplete="off". Browsers need to respect this if they don't want to be blocked by banks.
That field isn't standard, and so it can't be used by any company that wants to support multiple browsers.

The easiest way to code a page so that a browser can't figure out the user/pass field is simply to give the username field a nonobvious name. Password fields are easy to find; simply look for an input field of type "password". There is no "username" field type, though. To find a username field, therefore, you need to look for its name. Browsers know to look for obvious things like "username", "login, "userid", "uid", and things like that.

To prevent a browser from figuring you where your login/pass fields are, you simply give the username field a nonobvious name. Something silly like "batman" or "pikachu" works just as well from a programming perspective -it's only a name, after all- but it keeps the browser from understanding that this field is used for usernames.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Grizzled Veteran
Join Date: Jun 2002
Status: Offline
Reply With Quote
Jan 3, 2005, 06:14 AM
 
Hi guys,

Despite the security risks, is there no way to do this at all then (thanks for the explanations)?

I haven't actually got the bank site bookmarked, so it'd be pretty hard for someone to guess (if I delete my history).

Thanks,
Oliver
     
Grizzled Veteran
Join Date: Nov 2001
Location: Oregon
Status: Offline
Reply With Quote
Apr 8, 2006, 06:00 AM
 
Originally Posted by TETENAL
It's not that banks code the page so that the browser can't figure out the user/password fields, the banks explicitly turn off saving those form values with autocomplete="off". Browsers need to respect this if they don't want to be blocked by banks.
Here’s a program, called Autocomplete Always On!, which will patch WebCore (Safari’s HTML engine) to ignore the flag.

Enjoy!
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 08:16 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2