I've heard it said that the biggest security hole in any system is the one between the keyboard and the chair. People (or at least a lot of people) need to be kinda protected from themselves. Particularly when it comes to 'all that technical stuff' like computers. Which is a shame, considering how ubiquitous they've become.
Here's a really tiny thought, but one that only occurred to me today.
Would it really be that hard to have a header or a flag or something on a web page that told the browser that under no circumstances should they cache, autocomplete, or in any way retain on the computer and values put into a form?
Just occurred to me today when Firefox autocompleted my bank details and password when I was paying some bills online.
Don't get me wrong, most of the websites I go to that need authentication have their username and passwords autocompleted. I love it. I'm even right down with Firefox's domain-level password remembering stuff (so if your site of choice puts its session ID in the URL, it'll still complete your details). But there are just some places that I really don't want to be able to do it, event if I wanted to!
PS - Yes, it's fixed now. I was in a rush one time to see my bank statement for various reasons, working on a brand new machine that I hadn't configured yet, so that's why all the details were there. But very few people I know even know how to clear their saved passwords.
Just wanted to share. I'm off to bed.