Sunday, April 11, 2010

Stupid IE password box behavior

If you have special characters in your password like most good passwords should, and you type your password (with special chars) into a textbox in password mode and use ctrl+bkspc to clear the password, it will give you the location of the special chars in the password box.

I consider this a gigantic security flaw and is pretty terrible. I have only found this behavior in IE. Is this known? I seem to remember running into this for years.


EDIT:

for example, try this

go to gmail in IE

focus on the password box and type "password" (no quotes) and then hit ctrl+bkspc

then do the same for 'pass/word' (no quote)