undefined | Better HN

0 pointsmappu9y ago0 comments

My colleague used a custom web font where every glyph was replaced with a filled circle. Better browser compatibility, you know.

Although our reason was actually to do with password managers. At $DAYJOB we have a CRM/ERP system with lots of password fields for other entities (not the current cookie user). It's increasingly difficult to opt out of browser autofill, and LastPass in particular was corrupting password data in the system whenever forms were submitted.

0 comments

fdsaaf9y ago

> It's increasingly difficult to opt out of browser autofill

Good. I hope browsers autodetect these web font tricks and pop up similar warnings. I can't stand when some random website make thinks it can do a better job of credential security than major browser makers.

Symbiote9y ago

I think the point is more like an HR administrator who opens a web page, containing an employee's details. They need to update the employee's home phone number, but their password manager dumps the HR administrator's password into the "Set new password" field, which is therefore overwritten.

icebraining9y ago

So don't put the "set new password" field right in the employee's details page, use an extra page or popup for that.

1 more reply

j / k navigate · click thread line to collapse