You add "hidden" inputs to your HTML form that are named like "First Name" or "F...

alexjurkiewicz · 2026-04-02T05:30:11 1775107811

Doesn't that break password manager autofill?

imhoguy · 2026-04-02T08:02:24 1775116944

Watch out, it may break accessibility of your service. If somebody fills these fields I would add extra verification e.g. accessible CAPTCHA.

grey-area · 2026-04-02T05:26:32 1775107592

Thanks, I’ve seen scripted attacks bypass this sort of hidden input unfortunately (perhaps human assisted or perhaps just ignoring hidden fields).

jaggederest · 2026-04-02T06:39:55 1775111995

They often do actually ignore truly hidden fields (input type=hidden) but if you put them "behind" an element with css, or extremely small but still rendered, many get caught. It's similar to the cheeky prompt injection attacks people did/do against LLMs.

grey-area · 2026-04-02T07:45:32 1775115932

Thanks.

mads_quist · 2026-04-02T05:32:54 1775107974

Sure, it's really basic of course.

bevr1337 · 2026-04-02T05:49:11 1775108951

Do you test this against password managers? Seems like this approach could generate false positives