Default to disabling Auto-fill HTTP (insecure) website password / forms


I believe auto-filling HTTP (insecure) forms should disabled by default with security in mind.

There are substantial security implications to auto-filling website forms (including passwords).

Currently when testing with the built-in LastPass password manager I’m finding that HTTP sites are having their passwords auto-filled.
I assume that it’s the same with the other built-in password managers?

Even auto-filling on a secure website raises questions when the user wishes to remain anonymous / logged out:

closed #2

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.