I have a public-facing website that is used to manage business infrastructure equipment for my clients. A security breach on this website could cause expensive problems for clients.
A number of different websites--mostly banks, health care, and government--disable the "save password" dialog from appearing in Firefox, IE, and other browsers citing security concerns. I'm talking about the box/bar that appears after you enter your login information, so the browser can auto-populate the username/password fields for you the next time your visit that site.
My question is not how to disable, because that is answered in the Disable browser 'Save Password' functionality question.
What I want to know is:
- What are some cases in which it is absolutely essential to disable "save password" functionality? Do such cases exist?
- Does this technique really provide any additional security? In other words, won't people find a way to leak their passwords despite your best efforts?
- Do users complain about removal of "save password" functionality?
- Any other thoughts on when to disable "save password" functionality?