Extension for forms/passwords that don't save?

1,445 views
Skip to first unread message

kmand

unread,
May 7, 2012, 12:30:55 PM5/7/12
to Chromium-discuss
There are web pages that have forms or id/password fields that
purposely are set up so that the internal browser save mechanism
doesn't work. I used to have an extension on firefox that somehow got
around this and would save the values.

Is there something like this for the chrome browser?

PhistucK

unread,
May 7, 2012, 12:38:12 PM5/7/12
to kman...@gmail.com, Chromium-discuss
That should do the trick for basic ones.

--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
   http://groups.google.com/a/chromium.org/group/chromium-discuss

Pavel Ivanov

unread,
May 7, 2012, 12:50:44 PM5/7/12
to phis...@gmail.com, kman...@gmail.com, Chromium-discuss

Stephen

unread,
May 9, 2012, 8:02:12 AM5/9/12
to paiv...@gmail.com, phis...@gmail.com, kman...@gmail.com, Chromium-discuss
I've been a fan of LastPass for some time, but unfortunately it's a memory hog and I'd prefer to use the built in mechanism, if only Chrome Developers would make it easy to import from LastPass's db! Whew, that's quite a run-on sentence ....

Anywho, +Phistuck does that extension (you mentioned up thread) save passwords from secure sites like Banks etc? The builtin password mechanism in Chrome/Chromium doesn't if the site has disabled it on their input form. LastPass had a setting that over ruled that behaviour and life was good.
Best Regards,
Stephen Allen

Finnur Thorarinsson

unread,
May 9, 2012, 8:28:21 AM5/9/12
to stephen...@gmail.com, paiv...@gmail.com, phis...@gmail.com, kman...@gmail.com, Chromium-discuss
I remember seeing an extension from one of the Chrome developers that allowed you to do just that, I believe:

https://chrome.google.com/webstore/search/pkasting%20autocomplete

I don't have a need to save passwords for my banking sites so I haven't tried it myself.

Stephen

unread,
May 9, 2012, 8:38:31 AM5/9/12
to Finnur Thorarinsson, paiv...@gmail.com, phis...@gmail.com, kman...@gmail.com, Chromium-discuss
Thanks Finnur! Obviously prefer extensions from Google devs.

Pavel Ivanov

unread,
May 9, 2012, 8:39:00 AM5/9/12
to Stephen, phis...@gmail.com, kman...@gmail.com, Chromium-discuss
> I've been a fan of LastPass for some time, but unfortunately it's a memory
> hog

Do you have some numbers supporting this?
I'm surprised of such statement because I use LastPass for a long
time, and all this time my main memory hogs are Gmail, imo.im and
JIRA. Their processes very often go on par with MS Visual Studio when
I keep them opened for a long time. And I've never seen LastPass even
close to the top of memory consumers.


Pavel

PhistucK

unread,
May 9, 2012, 8:40:26 AM5/9/12
to Finnur Thorarinsson, stephen...@gmail.com, paiv...@gmail.com, kman...@gmail.com, Chromium-discuss
Exactly the one I suggested. :)

This may be able to turn saving passwords/automatic form completion on for bank sites. It simply toggles the autocomplete attribute of the elements in the form to "on" (which is the attribute that may prevent saving passwords/automatic form completion).


PhistucK

Stephen

unread,
May 9, 2012, 8:42:35 AM5/9/12
to PhistucK, Finnur Thorarinsson, paiv...@gmail.com, kman...@gmail.com, Chromium-discuss
Indeed it is, thanks PhistucK. 
B97.gif

Stephen

unread,
May 9, 2012, 8:44:50 AM5/9/12
to Pavel Ivanov, phis...@gmail.com, kman...@gmail.com, Chromium-discuss
Only what I see when viewing Chromium's Task Manager. It is usually the extension using the most memory and I have more than a few. Don't get me wrong I like LastPass and have used it for a couple of years now, just would prefer browser native capability whenever possible.

Pavel Ivanov

unread,
May 9, 2012, 9:02:13 AM5/9/12
to Stephen, phis...@gmail.com, kman...@gmail.com, Chromium-discuss
> Don't get me
> wrong I like LastPass and have used it for a couple of years now, just would
> prefer browser native capability whenever possible.

Sure, just many sites try hard to go around this native browser
capability. And changing autocomplete to "on" won't help there. There
are even bugs in Chrome for that (e.g.
http://code.google.com/p/chromium/issues/detail?id=43219,
http://code.google.com/p/chromium/issues/detail?id=29513). I've got
one site where even LastPass failed to understand that I've just
logged in and didn't offer me to save the password. I had to use its
"Remember all entered data" feature to work around that...

My point is I'm pretty sure that all banking sites will go eventually
this way to enhance their security. So at the end PhistucK's extension
won't help you. Although it can be good enough for now. BTW, does it
work on sites where you enter login name on one page and password on
another?


Pavel

Stephen

unread,
May 9, 2012, 9:06:50 AM5/9/12
to Pavel Ivanov, phis...@gmail.com, kman...@gmail.com, Chromium-discuss
OK Thanks for mentioning some of the caveats. The issue is I use a password generator to well generate longer than 16 char passwords. There is no way in hell I'll remember unique passwords which is why something like this is needed IMHO. The banks should recognize this too.

Tibor

unread,
May 10, 2012, 5:02:14 AM5/10/12
to Chromium-discuss
> needed IMHO. The banks should recognize this too.
Browsers should stop supporting autocomplete attribute what is made up
by some websites, it is not part of html.


On May 9, 2:06 pm, Stephen <stephen.d.al...@gmail.com> wrote:
> OK Thanks for mentioning some of the caveats. The issue is I use a password
> generator to well generate longer than 16 char passwords. There is no way
> in hell I'll remember unique passwords which is why something like this is
> needed IMHO. The banks should recognize this too.
>
>
>
>
>
>
>
>
>
> On Wed, May 9, 2012 at 9:02 AM, Pavel Ivanov <paiva...@gmail.com> wrote:
> > > Don't get me
> > > wrong I like LastPass and have used it for a couple of years now, just
> > would
> > > prefer browser native capability whenever possible.
>
> > Sure, just many sites try hard to go around this native browser
> > capability. And changing autocomplete to "on" won't help there. There
> > are even bugs in Chrome for that (e.g.
> >http://code.google.com/p/chromium/issues/detail?id=43219,
> >http://code.google.com/p/chromium/issues/detail?id=29513). I've got
> > one site where even LastPass failed to understand that I've just
> > logged in and didn't offer me to save the password. I had to use its
> > "Remember all entered data" feature to work around that...
>
> > My point is I'm pretty sure that all banking sites will go eventually
> > this way to enhance their security. So at the end PhistucK's extension
> > won't help you. Although it can be good enough for now. BTW, does it
> > work on sites where you enter login name on one page and password on
> > another?
>
> > Pavel
>
> > On Wed, May 9, 2012 at 8:44 AM, Stephen <stephen.d.al...@gmail.com> wrote:
> > > Only what I see when viewing Chromium's Task Manager. It is usually the
> > > extension using the most memory and I have more than a few. Don't get me
> > > wrong I like LastPass and have used it for a couple of years now, just
> > would
> > > prefer browser native capability whenever possible.
>
> > > On Wed, May 9, 2012 at 8:39 AM, Pavel Ivanov <paiva...@gmail.com> wrote:
>
> > >> > I've been a fan of LastPass for some time, but unfortunately it's a
> > >> > memory
> > >> > hog
>
> > >> Do you have some numbers supporting this?
> > >> I'm surprised of such statement because I use LastPass for a long
> > >> time, and all this time my main memory hogs are Gmail, imo.im and
> > >> JIRA. Their processes very often go on par with MS Visual Studio when
> > >> I keep them opened for a long time. And I've never seen LastPass even
> > >> close to the top of memory consumers.
>
> > >> Pavel
>
> > >> On Wed, May 9, 2012 at 8:02 AM, Stephen <stephen.d.al...@gmail.com>
> > wrote:
> > >> > I've been a fan of LastPass for some time, but unfortunately it's a
> > >> > memory
> > >> > hog and I'd prefer to use the built in mechanism, if only Chrome
> > >> > Developers
> > >> > would make it easy to import from LastPass's db! Whew, that's quite a
> > >> > run-on
> > >> > sentence ....
>
> > >> > Anywho, +Phistuck does that extension (you mentioned up thread) save
> > >> > passwords from secure sites like Banks etc? The builtin password
> > >> > mechanism
> > >> > in Chrome/Chromium doesn't if the site has disabled it on their input
> > >> > form.
> > >> > LastPass had a setting that over ruled that behaviour and life was
> > good.
>
> > >> > On Mon, May 7, 2012 at 12:50 PM, Pavel Ivanov <paiva...@gmail.com>
> > >> > wrote:
>
> > >> >> Or there's LastPass:
>
> >https://chrome.google.com/webstore/detail/hdokiejnpimakedhajhdlcegepl...
> > .
>
> > >> >> Pavel
>
> > >> >> On Mon, May 7, 2012 at 12:38 PM, PhistucK <phist...@gmail.com>
> > wrote:
> > >> >> > That should do the trick for basic ones.
>
> >https://chrome.google.com/webstore/detail/ecpgkdflcnofdbbkiggklcfmgbn...
>
> > >> >> > ☆PhistucK
>
> > >> >> > On Mon, May 7, 2012 at 7:30 PM, kmand <kmand...@gmail.com> wrote:
>
> > >> >> >> There are web pages that have forms or id/password fields that
> > >> >> >> purposely are set up so that the internal browser save mechanism
> > >> >> >> doesn't work. I used to have an extension on firefox that somehow
> > >> >> >> got
> > >> >> >> around this and would save the values.
>
> > >> >> >> Is there something like this for the chrome browser?
>
> > >> >> >> --
> > >> >> >> Chromium Discussion mailing list: chromium-disc...@chromium.org
> > >> >> >> View archives, change email options, or unsubscribe:
> > >> >> >>    http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> > >> >> > --
> > >> >> > Chromium Discussion mailing list: chromium-disc...@chromium.org
> > >> >> > View archives, change email options, or unsubscribe:
> > >> >> >http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> > >> >> --
> > >> >> Chromium Discussion mailing list: chromium-disc...@chromium.org

PhistucK

unread,
May 10, 2012, 5:07:53 AM5/10/12
to jbt...@gmail.com, Chromium-discuss
--
Chromium Discussion mailing list: chromium...@chromium.org

Tibor

unread,
May 10, 2012, 5:32:53 AM5/10/12
to Chromium-discuss
We are both right and we both made the same mistake of not including
html version.
It is included in HTML5 draft, but it is not in previous versions:
http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#h-17.4
http://www.w3.org/TR/2012/WD-html5-20120329/the-form-element.html#the-form-element

Chrome and other browsers supported this attribute long before html 5.

I'm really sad they plan to include this attribute in html standard
because website builders shouldn't be allowed to control this, it is
none of their business. Same about disabling copying text.

On May 10, 10:07 am, PhistucK <phist...@gmail.com> wrote:
> Oh... but it is -http://www.whatwg.org/specs/web-apps/current-work/multipage/forms.htm...
>
> ☆*PhistucK*

PhistucK

unread,
May 10, 2012, 5:38:09 AM5/10/12
to jbt...@gmail.com, Chromium-discuss
I generally agree with you, but if the web platform is to be used for high security purposes, supporting this attribute is a requirement.
Same about disabling copying text - copyright and stuff.

Of course, none of these attributes/properties guarantees a full protection from these features, but they provide a basic one.

PhistucK



Chromium Discussion mailing list: chromium...@chromium.org

Tibor

unread,
May 10, 2012, 4:56:43 PM5/10/12
to Chromium-discuss
I know the reasoning behind both features, but all are false.

Disabling autofill might decrease legal liability of website owner but
it doesn't really protect the user. If someone would really care about
security they would use other means to secure the application (i.e.
random field names, single use passcodes).
Instead real protection this method forces the users to use other
means to store usernames, what other means might be more unsecure
(i.e. store passwords, credit card numbers too).
It makes no sense that Chrome doesn't autofill some of usernames but
stores credit card numbers.

Similar issue with disabling copy. It only protects from those users
who would be harmless anyway. The really malicious users who would
reuse copyrighted material in a way that would cause damage to the
owner know how to look at source or how to download content without a
browser.
Again the legitimate users are obstructed from normal use, i.e. many
times I can't select and copy an email address, phone number or postal
address in normal way due to the stupidity of some web designers and
the people who added this feature to html. I know how to copy anyway
it is just annoying and more clicks.



On May 10, 10:38 am, PhistucK <phist...@gmail.com> wrote:
> I generally agree with you, but if the web platform is to be used for high
> security purposes, supporting this attribute is a requirement.
> Same about disabling copying text - copyright and stuff.
>
> Of course, none of these attributes/properties guarantees a full protection
> from these features, but they provide a basic one.
>
> ☆*PhistucK*
>
>
>
>
>
>
>
> On Thu, May 10, 2012 at 12:32 PM, Tibor <jbti...@gmail.com> wrote:
> > We are both right and we both made the same mistake of not including
> > html version.
> > It is included in HTML5 draft, but it is not in previous versions:
> >http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#h-...
>
> >http://www.w3.org/TR/2012/WD-html5-20120329/the-form-element.html#the...
> > Chromium Discussion mailing list: chromium-disc...@chromium.org
Reply all
Reply to author
Forward
0 new messages