spec checked
OWASP Authentication Cheat Sheet password manager guidance
Documents password-manager-friendly authentication forms using standard HTML username and password inputs, reasonable maximum length, printable characters, paste support for username, password, and MFA fields, and simple Tab navigation.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Password input | Choose password input when the value is a password, passphrase, PIN-like memorized secret, current password, reauthentication secret, or credential confirmation value. | Typing, paste, selection, deletion, undo, and password-manager autofill work through native input behavior. | OWASP supports standard HTML password forms, paste support, password-manager compatibility, printable characters, reasonable maximum length, and simple Tab navigation. |
| Sign in | Choose sign in when the user needs to start or restore an authenticated session for an existing account. | The sign-in form identifies the protected service or destination before requesting credentials. | OWASP supports password-manager-friendly sign-in forms with standard username and password inputs, paste support, and simple tab order. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: OWASP Cheat Sheet Series. Last checked: .