Results 1 to 3 of 3
-
04-18-2015, 06:52 AM #1WHT Addict
- Join Date
- Apr 2006
- Location
- Planet Earth
- Posts
- 155
Re-display password in registration form good or bad?
When a user tries to register and the data he submits are not right such as bad email, or weak password, we would display the registration page again to him with the data he just submitted along with the error messages.
My question is should we display the password he just submitted in HTML as this?
<input type="password" value="s0me7Xpwd">
Or just leave it blank and annoys him to enter another one?
It's definitely better in user experience to insert the password again (especially when the password is all right) but would it be good with regards to security?
-
04-18-2015, 10:26 AM #2Web Hosting Master
- Join Date
- Oct 2007
- Posts
- 2,349
Hi,Yes, that would be good in security aspect. Have them edit the password again.
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !! Skype: techs24x7
-
04-18-2015, 11:43 AM #3Web Hosting Master
- Join Date
- Nov 2006
- Location
- Karachi, Pakistan
- Posts
- 1,359
Password fields are of type "password" because that ensures that their contents are never displayed by browsers on-screen and this prevents shoulder surfing. So there is no question of editing the contents of a password field since you can never see what's entered there in the first place. So don't display the password in your error page because it would be pointless and may even be used in some clever way to exploit your users' accounts.
Last edited by /dev/random; 04-18-2015 at 11:47 AM.
Similar Threads
-
Starting a web hosting company in this economy, good or bad?
By Karbon in forum Running a Web Hosting BusinessReplies: 20Last Post: 03-28-2009, 05:15 AM -
20 vps in one server! good or bad!
By king_o_e in forum VPS HostingReplies: 33Last Post: 09-10-2007, 05:16 PM -
Run Server in virtual machine ( GOOD or BAD )
By test1231 in forum Hosting Security and TechnologyReplies: 4Last Post: 07-25-2006, 03:03 PM -
000domains starts using own registration system (in place of OpenSrs). Good or bad?
By GeorgeC in forum Domain NamesReplies: 2Last Post: 01-14-2003, 10:11 AM -
Your home address in the NIC whois good or bad?
By Rock in forum Domain NamesReplies: 33Last Post: 01-13-2003, 09:00 AM