>       On the other hand, if all browsers collectively chose to completely
> ignore autocomplete=off, that might allow proceeding more
> aggressively.
> Sure, and that's why we're bringing it up with the
> standards body. Before we proceed any further, we want to make sure that
> (a) our intention is known, and (b) make sure we're not missing anything
> critical. So far, the arguments in favor of autocomplete='off' are pretty
> much as we already understood them.
> 

Any legal perspective? Banks/financial sites may want autocomplete=off because 
the user is responsible for keeping his password safe.

What happens in the case of fraud? Is the password manager/browser liable? The 
bank? The user? Who gets sued?

That's probably the concern, maybe a liable="user" attribute with popup "hey by 
using auto-complete manager... do you agree to these risks, insert TOS here..." 
?

Reply via email to