Ask HN: Any security issues with using a font for password input?

1 points by solumunus ↗ HN
I have an app where many users will share 1 PC and log in and out many times per day. In this use case it's imperative that passwords are not saved in the browser. The only way I can seem to totally prevent this is to use an text input and apply a custom font to it where the letters are obfuscated. Am I opening up any security holes by doing this?

2 comments

[ 4.8 ms ] story [ 20.0 ms ] thread
You can set autocomplete=none. Password managers should respect that and not save passwords for that field.
Google Chrome completely ignores that.

EDIT: Apparently Chrome will respect the following:

<input name="new-password" id="new-password" autocomplete="new-password" >

I'll try this.

I'd still appreciate an answer to the question if anyone has one.