Browser prompts to store SSPR login credentials

  • 7024177
  • 11-Oct-2019
  • 11-Oct-2019


Self Service Password Reset
SSPR 4.x
FireFox v38 or newer
Chrome v34 or newer
Internet Explorer 11 


Browser prompts for saving passwords to the SSPR login page - is this a security vulnerability? 
How to prevent FireFox from saving login to SSPR page.  


This is not a security vulnerability in SSPR.  With older brower versions, setting "autocomplete=off" in a web application would prevent the browser from prompting to store credentials.  This is no longer the case with modern browsers.  

SSPR sets "autocomplete=off" in the login form, but it is up to the browser to honor it.  Newer versions of FireFox, chrome and IE don’t honor the tag; they consider it safer to save passwords in their vault which can then be protected using a cert or a master password etc.

To disable the browser from prompting at an organizational level use a Windows Group Policy Object or Linux or MacOS script.  For example, see for instructions on setting a Windows GPO in FireFox. 


Additional Information

The change in browsers to not honor autocomplete=off is documented on the Mozilla developer site.  See