@Paula VanDeventer - Without knowing anything about your setup, my initial thoughts are that this your password manager’s software doing this - it sees a “password” field for the “miro.com” domain and then fills in your miro.com password.

Hello Robert,

Thank you for replying to my question.  We went live with the Enterprise version of Miro about 3 weeks ago, so we are still learning about the Admin functionality.

We are using the standard in-app user management.  We have not enabled SSO/SAML or SCIM.

The documentation about sharing boards with guest editors located here:

https://help.miro.com/hc/en-us/articles/360012524559-Collaboration-with-anonymous-Guest-Editors?utm_source=miro&utm_campaign=guest_editors&utm_medium=checkbox

...says:

We are currently beta testing in this area of the product. If you encounter any troubles or would like to provide feedback on your experience, please contact feedback@miro.com 

I will try emailing the feedback address to ask my question.

Thank you!

Paula

While you wait for an answer, I would also suggest that you try disabling any of your password software and try again - this could be a browser extension or, for example if using Chrome, this could be the Chrome/Google password manager feature. Your organization could have also deployed an enterprise-wide password manager utility or browser extension.

A quick test would be to open a private/incognito browser window, sign into Miro, and open a board’s Share settings, and then public access and see if the password field populates (incognito usually disables all browser extensions).

I am 99.999% certain that Miro would not be populating this field. Even if I set a password and come back, there is only an option to edit or remove the password - and when I edit, it doesn’t populate my current password. My personal password manager’s browser extension does see this field as a password field and would auto-populate it, if I hadn’t previously disabled that feature.

Hi Robert,

Thank you for your testing recommendations.  Indeed the password field when sharing a board does prefill based on saved passwords in the browser.  If I delete my saved Miro login credentials and then login and navigate to share a board, the password field is empty rather than prefilled.

I guess this is a design issue - I would expect a blank field or a generated password feature rather than a prefilled password from my own saved password.

My coworker drilled down to the HTML and noted that the field is coded as a password input field, and therefore the browser is trying to be helpful by pre-filling it.  Ideally this would not autofill with known/existing passwords.

Knowing what is happening, we can alert our team to this behavior so we can clear any saved passwords and create a one-off password when sharing a board.

Thanks again for your help!

@Paula VanDeventer - You’re welcome!

I agree. Perhaps Miro will consider disabling the autocomplete of this password filed. I will find the Changelog Feedback post where they first announced this and suggest this to them.

If anyone is curious about disabling autocomplete on forms, check this out:

https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#the_autocomplete_attribute_and_login_fields