I have a question regarding passwords. I decided to do an "experiment" to see the security of the data sent by forms, and even using a security protocol I noticed that you can literally READ and SEE the sent password.
The browser sends everything cleanly. Ignoring the security issue, I always thought that the browser would send the 'obfuscated' data or encryption and rollback using SSL.
I used Facebook to test; in other words, it is possible to find the login and the access password of an account that is open on a machine. I took a screenshot of the console to illustrate the data found.
Of course I've hidden some fields and changed the password.
But the password displayed on the console is the same as my Facebook account.
Question
- What can you do to avoid this kind of thing?
- Does the security protocol resolve this type of situation?