How do I ensure Google Password Manager stores the correct field as the username?

Background I’m a freelance web developer with a client who runs a meal-planning business. I developed a web app for her clients to use to view their meal plans. The problem One of my client’s new clients sent her a screenshot from their phone showing her at the login page, with Google Password Manager suggesting … Read more

Preventing passwords showing in source code

I am doing a password manager web app (like LastPass etc), one of the things that has occurred to me is that after using PHP to retrieve the passwords from a db and decrypting them and then using JS to display them in the UI, the variables containing their passwords are visible if someone looks at the source code. Even if I did not use JS and used echo instead it would still be in the source code. Does anyone know of a, hopefully not too complex, way that can prevent the passwords from being in the source code?