Fixing a pet peeve: Salesforce login and password-manager autocomplete

by

The good people at Salesforce appear to feel that disabling login autocomplete is a sensible default. They’re probably correct, but for those who use Firefox with a master password set, having Firefox keep the password encrypted is a better bet than storing it in a plain text file.

I’ve just uploaded a Greasemonkey script which reverts the behaviour to the browser’s default, which in turn allows the password manager to do its work. Per the warning on the page:

Use of this script is only sensible if your browser’s password manager has a master password set.

If it doesn’t, your password manager will store your password in an easy-to-recover form, which you probably don’t want.

There is a trick to using Greasemonkey for this purpose. The obvious approach:

document.getElementById('username').removeAttribute('value');
document.getElementById('password').removeAttribute('autocomplete');

will fail because Greasemonkey scripts usually run after the password manager has scanned the page, meaning that Salesforce’s code to prevent autocompletion will already have taken effect before the script gets involved.  The way around this is to use “@run-at document-start” to run the script before the HTML parser runs and to then perform the relevant changes in a DOMContentLoaded event listener:

// @run-at         document-start

document.addEventListener("DOMContentLoaded", function(e)
    {
    document.getElementById('username').removeAttribute('value');
    document.getElementById('password').removeAttribute('autocomplete');
    }, true);

It happens that an event listener added this way will complete its work before the password manager runs, meaning that it can do all of the things that it does (store credentials securely encrypted, store multiple credentials if you have multiple accounts, notice and remember password changes, delete no-longer-used credentials with a single keystroke, …) as designed.

My use of Greasemonkey for this purpose was inspired by Steve King‘s Auto-login to Salesforce. (Thank you!)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: