by Someone1234 1070 days ago
If they're going to update that page just add it to the list:

- Title (ideally unique, like Login | Hacker News)

- Use of section heading elements for "Login" and "Create Account"

- A background color

- Set the autocomplete attribute on the two password inputs to "current-password" for login and "new-password" for Create Account. Give both username inputs the autocomplete "username"[0]

- Give the two username and password inputs unique names (e.g. username, new-username, password, new-password)

- Stop being "clever" and change to standard HTML forms. Currently, both login/create forms point to the same endpoint, with the button's "value" mutating what that end-point does. This is completely non-standard and therefore difficult for any password manager to navigate without hard-coding. Instead, have each submit to a different endpoint (e.g. login, and create-account respectively).

- The forgotten password page also points to an endpoint called "x", and the username input has a different name ("s") than either one found on the login page, and no autocomplete hint.

If someone wanted to target HN with a bot, circumventing this would be trivial. It only really negatively impacts legitimate users trying to use password managers.

[0] https://developer.apple.com/documentation/security/password_...
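An added example, not part of the original comment and not HN's code: a small Python audit that flags the form problems listed above (shared form action, reused input names, missing autocomplete hints). Both markup samples are constructed, and the endpoint and input names in them are assumptions.

```python
from html.parser import HTMLParser
# Constructed sample markup; "/auth", "u" and "p" are placeholders, not HN's real names.
LEGACY = """
<form action="/auth" method="post"><input type="text" name="u">
  <input type="password" name="p"><input type="submit" value="login"></form>
<form action="/auth" method="post"><input type="text" name="u">
  <input type="password" name="p"><input type="submit" value="create account"></form>
"""
FIXED = """
<h2>Login</h2>
<form action="/login" method="post">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="password" autocomplete="current-password">
  <input type="submit" value="login"></form>
<h2>Create Account</h2>
<form action="/create-account" method="post">
  <input type="text" name="new-username" autocomplete="username">
  <input type="password" name="new-password" autocomplete="new-password">
  <input type="submit" value="create account"></form>
"""
# Accepted hints per input type (simplified: either password hint passes on any form).
HINTS = {"text": {"username"}, "password": {"current-password", "new-password"}}
class FormCollector(HTMLParser):
    """Records each form's action plus its text and password inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "inputs": []})
        elif tag == "input" and self.forms and a.get("type") in HINTS:
            self.forms[-1]["inputs"].append(a)

def audit(html):
    """Return a list of findings that would trip up a password manager."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    actions = [f["action"] for f in collector.forms]
    for act in sorted(set(actions)):
        if actions.count(act) > 1:
            findings.append(f"{actions.count(act)} forms share action {act!r}")
    inputs = [i for f in collector.forms for i in f["inputs"]]
    names = [str(i.get("name")) for i in inputs]
    findings += [f"input name {n!r} reused" for n in sorted(set(names)) if names.count(n) > 1]
    findings += [f"input {i.get('name')!r} has no valid autocomplete hint"
                 for i in inputs if i.get("autocomplete") not in HINTS[i["type"]]]
    return findings
```

`audit(LEGACY)` reports the shared action, both reused names and four inputs without hints; `audit(FIXED)` returns an empty list.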

1 comments

Is it nonstandard? It's OOTB explicit behavior in Rails. Every form submit has an entry for what the submit button value was, and you can specify it in the ERB.
It is nonstandard to overload endpoints and then use the submit value to route; the submit value itself is standard.