coppro wrote:
On any page with a field where you must enter your password - most notably a new post or post edit page - your password is visible in the source code for the page. This is a big leak, because if you log on at someone else's house, or someone comes over and checks things out, then they can steal your account easily, and not even right then.
Well, you could fill the field with some randomly generated characters, remember when and for whom they were generated on the server side and expire them when they are used once instead of the password or after 1 hour, whichever comes first.
So either you leave that random string of characters in the password box which can't be reused, or you enter your username and password manually, which gets checked as before.
That way, you get automatic passwording, but without the phishing...
np: Isan - Caddis (Lucky Cat)
____________________________
"I'm not anti-anything, I'm anti-everything, it fits better."
- Sole
R.I.P. Robert Feldhoff (1962-2009)
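
The scheme proposed in this reply, sketched as an added example that is not part of the original post or of the forum software. The names `OneTimeTokenStore`, `check_post_credentials` and the `verify_password` callback are hypothetical.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 3600  # seconds; the one-hour limit proposed in the post


class OneTimeTokenStore:
    """Server-side record of which token was issued to whom, and when."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tokens = {}  # sha256(token) -> (username, issued_at)

    @staticmethod
    def _digest(token):
        # Only a hash is kept, so a dump of the store yields no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username):
        """Create the random string that is placed in the form field."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (username, self._clock())
        return token

    def redeem(self, username, token):
        """Accept a token once, for its owner, within TOKEN_TTL."""
        # pop() removes the record on any attempt, so replay always fails.
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return False
        owner, issued_at = entry
        if self._clock() - issued_at > TOKEN_TTL:
            return False
        return owner == username


def check_post_credentials(store, username, field_value, verify_password):
    """Either the untouched token or a manually typed password is accepted.

    verify_password(username, password) stands in for the existing
    password check (assumed, not defined here).
    """
    if store.redeem(username, field_value):
        return True
    return verify_password(username, field_value)
```

The token still appears in the page source, but it is bound to one user, works once, and is useless after an hour.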