Thanks Ricardo! And thanks for all of your example code and support. I tried the button and select control examples, but couldn’t make the “leap” to the TextField. I’ve now found the example you used with your Webinar on updating from a TextArea and I’m using this as a base. Thanks again!
as explained in your other post about this, I don’t think you can achieve this as this is the user’s web browser that decide to save the password or not. your only way is to make a virtual keyboard to input the password, and certainly not a webtextfield, even with the websdk it will lead to the same result as xojo’s
Thanks Alberto. I think I remember doing something like that a zillion years ago before the password textfield was an option in Xojo (well actually realbasic), It worked quite well, except you could copy and paste the password to another document and change the font, which would be a small bit of a security risk, no more, I expect, than the mobile apps showing the last letter typed.
Hi Jean-Yves and Alberto. Just to let you know, this does work a treat! As I expected, you can copy and paste the password, so it may not be ideal for some, but definitely a good workaround. Thanks again and I think I’ll use this method for now and get on with the project.
So there is one huge problem with using the password font. Password fields are designed to be secure. That is, they can’t be changed to a plain text field to reveal their contents and are not copyable. Another problem is that non-password fields can be stored in the browser’s built-in autocomplete database, so if your app is ever used on a public computer (like a library or a cafe) the user’s password could get stored and used by the next person without their knowledge.
Hi Greg. Thanks. I was aware of the first problem and willing to live with it (clear the password after 15 seconds of inactivity, or so), but forgot completely about auto-fill forms outside the keychain, so thanks very much for pointing this out… It looks like I might have to put in Jean-Yves’s soft keyboard after all… Not ideal for people who might need to log in several times a day
are you on macos or windows ?
if on macos, if it is a user computer, he can log with his fingerprint on a recent mac
if it is a shared mac computer, you can use the guest account and the password field will not have any keychain.
So just to be clear, when I go to a website and my password managers don’t work I immediately have concerns:
That my password manager doesn’t work, because I have thousands of them and having to do five extra steps just pisses me off.
I usually look at what’s been done and when I find out that some special hack has been done, I wonder what other hacks have been done which compromise security.
And let’s be clear, you are compromising the security of the browser and the users password here. The whole purpose of the password field is so that the password can’t be stolen by looking over your shoulder or by some browser extension just copying it out… which is what will be able to happen if you use a text field.
I don’t see that it was asked above so why the heck are you trying to do this anyway? It seems like a lot of work for a problem that was solved a long time ago.
Thanks Greg. My problem is I have two password fields, one is a company password and the other is a personal password, but keychain ends up being confused with this. I am trying to create a field that is ignored by keychain but will still hide the text.