Page MenuHomePhabricator

Turn off autocomplete on TOTP box
Open, LowPublic

Description

Screenshot 2022-07-14 at 17.19.45.png (540×692 px, 66 KB)

This isn't helpful.

Event Timeline

Reedy triaged this task as Low priority.Jul 14 2022, 4:21 PM
Reedy updated the task description. (Show Details)

The HTML says we're using autocomplete="one-time-code" which seems to be an experimental feature (caniuse) intended for mobile-phones to prefill from SMS (source).
+1, we should change to autocomplete="off". (specs)
I'd guess in these 3 locations: https://codesearch.wmcloud.org/extensions/?q=one-time-code&i=nope&files=&excludeFiles=&repos=

The HTML says we're using autocomplete="one-time-code" which seems to be an experimental feature (caniuse) intended for mobile-phones to prefill from SMS (source).
+1, we should change to autocomplete="off". (specs)
I'd guess in these 3 locations: https://codesearch.wmcloud.org/extensions/?q=one-time-code&i=nope&files=&excludeFiles=&repos=

It doesn't seem that experimental - its in the html5 spec and 89% of users have a browser recognizing it.

Although i guess it makes no sense since we dont support sms based 2fa.

https://phabricator.services.mozilla.com/D158911

Looks like this has been, in theory, "fixed" for a while?

While https://caniuse.com/?search=one-time-code doesn't seem to agree, I only have (seemingly) 1Password trying to annoy me when entering the codes... Which is a different issue (and technically, 1Password could fill the TOTP there)

https://phabricator.services.mozilla.com/D158911

Looks like this has been, in theory, "fixed" for a while?

While https://caniuse.com/?search=one-time-code doesn't seem to agree, I only have (seemingly) 1Password trying to annoy me when entering the codes... Which is a different issue (and technically, 1Password could fill the TOTP there)

Yeah, I know I've experienced Firefox trying to autocomplete the OTP since that revision was merged 10 months ago.

I can't reproduce for Firefox mobile for Android or Firefox for Windows 10 now using FreeOTP. So something since adjusted how Firefox was reacting.