Consider the following two rules inserted into a web browser:
1. if we are presented any https page without a verified certificate, don’t display the page
2. if there is a form on any non-https page with anything that might be a password entry field, don’t display the page. (Password input fields would be identified by any NAME parameter related to passwords, and by the TYPE=PASSWORD attribute.)
Instead of just providing warnings, completely refuse to display the page with a message saying that the page is unsafe.
Would this be effective in preventing the disclosure of passwords to false or unsafe web sites (e.g., phishing)? Sure, it would not be perfect because spoof sites could use nonsense field names and avoid the PASSWORD attribute type, but would it be better?
Would too many legitimate sites be blocked?
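As an added illustration (not code from the original post), the two rules written out as a decision function a browser could run before rendering. It assumes the TLS layer supplies a `certVerified` flag, scans raw HTML for `<input>` tags with a regular expression instead of a DOM parser, and treats any input on the page as belonging to a form.

```javascript
// Added example: the two proposed browser rules as a page-level decision.
// Assumptions: certVerified comes from the TLS layer; HTML is scanned with
// regexes; any <input> on the page counts, not only those inside <form>.

// Rule 2 heuristic: NAME attributes "related to passwords".
const PASSWORD_NAME_RE = /pass(word|wd|code|phrase)?|pwd/i;

// Extract every <input ...> tag and return its attributes as an object.
function findInputs(html) {
  const inputs = [];
  const tagRe = /<input\b([^>]*)>/gi;
  const attrRe = /([a-z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    let a;
    while ((a = attrRe.exec(tag[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4] ?? "";
    }
    inputs.push(attrs);
  }
  return inputs;
}

// Either TYPE=PASSWORD or a password-looking NAME marks a password field.
function looksLikePasswordField(attrs) {
  if ((attrs.type || "").toLowerCase() === "password") return true;
  return PASSWORD_NAME_RE.test(attrs.name || "");
}

// Returns { allow, reason }: allow=false means refuse to display the page.
function decide(url, certVerified, html) {
  const scheme = new URL(url).protocol;
  if (scheme === "https:" && !certVerified) {
    return { allow: false, reason: "https page without a verified certificate" };
  }
  if (scheme !== "https:" && findInputs(html).some(looksLikePasswordField)) {
    return { allow: false, reason: "password field on a non-https page" };
  }
  return { allow: true, reason: "" };
}
```

A page that renames its field to something like `name="x1"` with `type="text"` passes rule 2, which is exactly the gap the post concedes.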
Technorati Tags: security, passwords, phishing, browser, forms
