Feature request: A password manager login standard

Creators of password managers endlessly struggle to make their software work with websites. Each website designer has his own way of writing needlessly complex JavaScript. Since there is no “right” way to code this, every implementation is in some sense arguably wrong.

Many decades ago, we used to have chat scripts for dial-up logins. These scripts were sometimes intricate, designed to get past the many nonstandard prompts that sysadmins generated before you could log in. Eventually PAP or Password Authentication Protocol (see RFC 1334) was implemented which made such logins a lot easier.

I think we are at that point now. Some password manager implementer needs to propose a standard HTML fragment that will include the usual login fields and that can be correctly recognized and filled in by every password manager. The standard should be simple enough that even the most clueless website designers can implement it.

I’ve thought long and hard about this is the past, and I couldn’t agree more.

It’s amazing how many websites are coded in such a way that it makes it almost impossible to be parsed by a third-party tool. It’s like many people have never even heard of password managers, even though literally millions of people use them.

There might actually be the beginnings of a de facto standard. Following the links in the recent posting Change password detection: is not Chromium forms compliant you can find this implementation note from the Chromium developers:

Password Form Styles that Chromium Understands

In my experience, Chromium (in its production form Chrome) often fails to autofill authentication information, and also often autofills the wrong information in the wrong place. So much work needs to be done to standardize logins.