We’re slowly moving to the Pulse Secure client where you can disable this as part of the connection profile, but for some things we’re still reliant on the Pulse Secure portal that runs through your web browser.
As of 8.1 there is no option to prevent the users browser prompting to store the username and password, other than to disable the functionality in your web browser - which we’re looking into.
My bank doesn’t do this, Outlook Web App doesn’t do this, and I’m surprised that a browser based VPN does.
I logged it with Pulse Secure wondering if I’d missed an obvious setting in the VPN admin console and they’ve confirmed it cannot be disabled from within the VPN.
That seems just a normal thing to want a web based security product to do?
And yes, shame on me for not having considered it previously when I should have.
This is a web browser functionality, just like any other website like Amazon, ebay etc. When the enter the username and password the browser will ask if they want to store the credentials.
On the Pulse Secure Client, you can save the credentials or use single-sign on so they’re logged automatically at the Windows login screen.
Use a two factor authentication solution…
We do, still feels like it’s slightly self-defeating for a VPN not to have the option to disable autocomplete.
That is a browser feature. The purpose of the VPN is to provide connectivity, not authentication. The PSA appliances are very good appliances and support multiple authentication servers, certificate authentication, and host checking.
Yup. This.
Chrome recently started ignoring the don’t save passwords directives for Internet banking on one of my banks sites. Pretty poor decision on googles part imo