Passwords in IE11

June 23rd, 2014

Today’s Web relies on passwords as a form of authentication, which means people have to log into a variety of different services every day. Not only is typing passwords on touch devices cumbersome, but people are creating weak passwords and using the same password for every site, making them more vulnerable to identity theft. Having a secure, reliable password manager is the best method for encouraging people to create strong, unique passwords for every site.   

With Internet Explorer 11, we’ve done work to make signing into sites faster and more reliable as well as give users more control when saving credentials.  In addition, IE11 will now roam credentials to IE11 on Windows Phone 8.1!

Password autofill with IE11 on Windows Phone 8.1
You can now save and roam passwords to IE11 on Windows Phone 8.1

Reliable Login form detection

With IE11, we’ve beefed up our login form detection which means that IE will now prompt to remember passwords on over 90% of login forms on the Web.  This is a significant improvement over previous versions of IE.

You decide if you want to save your password

We are giving control back to the user when deciding to save passwords on a given site.  IE11 will now prompt the user to save passwords even if the autocomplete=off attribute is set on login forms.  IE will continue to honor this attribute on all other form fields (e.g. username, credit card, address, name, etc.).  There are two main reasons for doing this. One is to address the user confusion around why IE won’t remember passwords on certain sites. The second is because we believe that encouraging users to create strong, unique passwords is more important than honoring the autocomplete=off attribute on forms. Users should be able to decide for themselves if it is safe to save a password on a given device and situation. 

Sign in faster

IE will save you time by automatically pre-populating your credentials after the page has loaded, when it is safe to do so. Previously, users were required to click or tap in the username field and then click or tap again to select the username to populate the password.  This presented problems on touch devices—triggering double-tap to zoom—and on sites that pre-populated usernames from cookie information. This change in Autocomplete behavior on login forms is secure, as IE will revert back to its old tap-and-select behavior when the site does not meet certain security criteria. This design is a result of our focus on keeping the user secure.

For tablet users, double-tap-to-zoom has now been disabled on input elements to address the issue where tapping and selecting an Autocomplete item triggered optical zoom. Last, to allow sites to detect when the username and passwords have been filled, IE will now fire the ‘input’ and ‘change’ events when pre-populating credentials in the form.

Sign in once, everywhere

With Windows 8.1 and Windows Phone 8.1, users don’t have to re-enter their credentials for the same domain in a Windows or Windows Phone Store app that they’ve previously saved in IE.  This significantly speeds up your sign in experience across apps and devices. In IE11, Windows will use your IE saved credentials for that same domain hosted in Store app via the Web Authentication Broker. As always, Store apps will never be able to read the credentials stored in IE.

Sharing credentials between apps and IE.
Windows will user your sign in info from IE11 for the same domain hosted in a Windows Store app

Windows Store apps using the Web Authentication Broker today will automatically get this experience with no additional markup required. And, your site and app credentials will roam between your PC and mobile devices as well.

Managing passwords

IE11 on Windows 8.1 stores credentials in the Windows Credential Locker. Web site passwords can be managed in the Credential Manager desktop control panel on Windows 8. With IE 11 on Windows 8.1, you can now also manage your Web accounts directly from the modern Internet Options. To do this from the modern IE, swipe from the right to open the Charm and tap Settings. From there, you can open your accounts and manage your credentials without switching to the desktop.

Manage credentials directly from within Internet Explorer
Managing your Web site accounts can now be done directly within the browser

And, as previously mentioned, all credentials can be roamed to all your Windows 8.1 devices.

Please try IE11 on Windows 8.1, Windows Phone 8.1 or Windows 7 to try out these new experiences for yourself! Looking forward to your feedback.


— Amy Adams, Senior Program Manager, Internet Explorer

Some developer notes:

In order for your site to work with IE 11’s password manager, the login form must meet the following criteria:

  • Contain both a username and password to login to a service
  • Username and password fields are encapsulated in the HTML5 form element
  • Uses HTML5 standard input types for username field that accept free-form user input
  • Uses HTML5 password input type is used for the password field
  • DOM Level 2 submit event is fired upon submission of the form and credentials are not cleared before the submit event is fired