Recently AT&T changed the account management web site for the GoPhone. The new format is a lot easier to read and looks great. However, when I close my browser, the site does not log me out and my password is saved in the password field. Next time I open my browser, I can log in without re-entering my password. Note: I do not have my broswer set to remember passwords on ANY site!
Prior to the redesign, I had to re-enter my password every time I returned to the AT&T site.This is a security concern and it seems like a vulnerability. Anyone else notice this new behavior?
I cleared the cache and cookies. There were no saved passwords in Security - Options - Saved Passwords. I logged out of GoPhone account management (https://www.paygonline.com), then closed and reopened Firefox and returned to the GoPhone account management site. My 10-digit wireless number and password (displayed as four stars, as usual) were still there. I just hit the blue login button and logged in.
This is very odd because it seems to me that clearing the cache and cookies should remove that information from the form. It does not in this case.