Google browser comes with a password manager feature, which should be more or less everyone should have heard or used this feature.
The main function of the content is, when the user enters a user name on a web page, password or password changes will trigger an automatic save feature this password when the form is submitted. If you are using a computer is not a public computer, you can save this password.
In the login page form, Google Chrome will automatically pull out a form, you can automatically fill a page for quick landing.
However, in some cases, I do not want to trigger this feature. There are two:
1. Web site developers do not want the page to trigger automatic password save feature, likely reason is considered unsafe automatically save passwords, the site provides a safer landing approach SMS verification codes.
2. The user does not want to trigger AutoFill password, because some pages are filled not in fact a form of username and password.
Current Status:
Google browser developers think, Password Manager function can more easily allows users to set different passwords for different websites, so the browser to remember this complete function, without the need for users to actively remember these passwords, and the user's computer generally safe.
Web developers may be inclined to the view: in case the user's computer with a virus or open unknown software on your computer, the software can directly read the Google browser password, so insecure, I want to disable the automatic form filling function off.
Possible security risks:
If you do not let the browser to remember the password, the user will need to remember or manage their own passwords for different websites, then the time will tend to set the password set to the same or similar passwords. In this case, once a site of a password leak, or the site of a malicious maintenance personnel to obtain your password, you can use the same account password to try a different Web site, your account information will leak. If you let the browser remember your password, then users will be completely different in setting passwords for different websites, and even Google browser directly provides right-click - generate random passwords, this option allows password manager to manage passwords. In this case, even if the user password on a Web site of the leak, accounts on other websites but also to ensure safety.
If we allow the browser to remember passwords, may be potential risk is this. A large part of the user does not set specific password for Password Manager Google browser, in this case, after some software to run without any additional permission, you can read the password Google browser directly. (To learn how to read the password, you can see this article: penetration techniques - Export and save the Chrome browser password ), then all browsers will manage the password leaks, the impact caused to the user not to remember passwords than nuclear energy a large number.
How to weigh:
If you need to visit the site a lot, you personally and pay more attention to security in this area only, to ensure PC security, we recommend using a password manager saves some relatively unusual site password, if you do not worry, you can set a password manager private password encryption, password manager to ensure their own safety.
If you need to visit the site much, you do not pay attention to the relative personal security of personal computers, or PCs often need to run the software of unknown origin, it is recommended not to use a password manager to save passwords.
Talk so much, it seems the popularity of Google in the browser's password manager this function.
--------------------------- gorgeous dividing line ------------------- ---------------
In fact, writing this article, the main purpose of the individual is, if you do not trigger the Password Manager feature of Google Chrome, you may need to do. For two scenarios do not want to trigger the processing methods are different.
1. Web site developers do not want the page to trigger automatic password save feature
In this case, personal advice, do not spend too much time to make the browser does not recognize the password. Because officials believe, you are cheating your browser, so even if you effectively disable the browser in the current version of the automatic password filling, may be the next version becomes ineffective. Personally feel no need to help the user decide whether to allow the browser to remember passwords, the decision left to the user himself, I believe that users are informed.
2. The user does not want to trigger AutoFill password
In the address bar, enter chrome: // flags / # fill- on-account-select the option to enable, restart the browser, good finish.
This approach is valid for all passwords automatically populated. By default, the browser's password is automatically filled in when you open the page, the browser think that this form is password form, the form will be implemented automatically populated. However, even if the browser code written by another cow B, or misjudge the time will be used. I encountered two personal site is not password form, and is recognized as password form, worried for a long time. After this option to change the finish, when the page is finished loading, filling a password prompt will pop up when the user clicks to select the corresponding password before filling of the form.