Skip to main content

November 19, 2014

Busting Password Managers: Detecting AutoComplete

This password manager detection technique employs JavaScript and JQuery to determine if the keyboard was used to enter the password. If the user did n...

See Details

November 13, 2014

Busting Password Managers: Encrypting Passwords on the Client

Hypothesis: If passwords are encrypted (e.g. AES) on the client in JavaScript, then browsers will not save passwords. The Technique: Normally, it is i...

See Details

October 29, 2014

Busting Password Managers: Separating User ID and Password POSTs

Hypothesis: If usernames and passwords are submitted in separate POST requests, then browsers will not save passwords. The Technique: This method invo...

See Details

October 10, 2014

Busting Password Managers: Inert Password Input Field Injection

Hypothesis: If an extra (hidden) password input field is inserted above the real password field, then browsers will not save passwords. The Technique:...

See Details

October 02, 2014

Busting Password Managers: AJAX Logins

Hypothesis: If the username and password are submitted using AJAX, then browsers will not save passwords. The Technique: Our theory is that browsers o...

See Details

September 23, 2014

Busting Password Managers

As you may have noticed, web browser password managers have begun to take over. Until recently, a developer could simply add the "AutoComplete=off" at...

See Details