Sunday, April 11, 2010

Stupid IE password box behavior

If you have special characters in your password like most good passwords should, and you type your password (with special chars) into a textbox in password mode and use ctrl+bkspc to clear the password, it will give you the location of the special chars in the password box.

I consider this a gigantic security flaw and is pretty terrible. I have only found this behavior in IE. Is this known? I seem to remember running into this for years.


for example, try this

go to gmail in IE

focus on the password box and type "password" (no quotes) and then hit ctrl+bkspc

then do the same for 'pass/word' (no quote)