2

If I press Tab twice after enter my username, I will type my password somewhere outside the password field.

Are there any chances for somebody to catch my password when I enter it outside the password field? I thought about a badly placed Web banner or something like that, which is waiting for this mistake.

I can see a similar question here, but that relates to the password being entered into the username field.

robin
  • 29
  • 2
  • Users use mouse to navigate. To target those who are proficient enough with keyboard, count on their mistake and then count on the fact that they type the password correctly, do not notice or do not amend for it, would be ridiculous. Criminals are quite rational. – techraf Apr 26 '16 at 09:18
  • @techraf yes this might be right. But if there is a solution to spy multiple websites automatically, the chance to capture some passwords would be higher and it would be pretty comfortable. My question was if there is a technical solution. – robin Apr 27 '16 at 06:25

1 Answers1

2

I see two possible problems with this:

Browser/Application Autocompletion

If you do it in a web browser, and the field you enter the password in can allow data to be stored by the browsers autocompletion - then people with access to the browser can find your password. Either by chance, or intentionally. If you enter passwords in a password field, it should not be stored by autocompletion - but in the password database (if opted in).

Server side logs

In the related question you posted a link to in your question, the username field is often found in logs - and possible logs that are accessibly to multiple users. For other fields, it is entirely up to the application and what it does with other input fields.

Dog eat cat world
  • 5,759
  • 1
  • 27
  • 46
  • Thanks, I haven't seen the first point until now. This means a hacker needs to know who is visiting the website and then get access to those private databases to check them. It sounds unreasonably expensive. – robin Apr 27 '16 at 06:52