How to make autocomplete = off work in the login / password field in Firefox

Question

How to make autocomplete = off work in the login / password field in Firefox

I want browsers not to store or display input values. Here is how I do it:

<form autocomplete="off"> <input type="text" autocomplete="off" name="login" /> <input type="password" autocomplete="off" name="pswd" /> ... </form>

But for some crazy reason, browsers save and display values, even if I completely clear my browser history. Therefore, I wonder why autocomplete="off" does not work. Perhaps there is another, more correct way to do this. PS. I'm not sure if this is important or not, but I use jquery to create my form.

EDIT

And by the way, contrary to the official W3C documentation , in HTML5 autocomplete="off" not respected (at least in FF).

+5

html firefox passwords autocomplete

Jacobian Oct 6 '15 at 7:55

source share

7 answers

Goujon · Answer 1 · 2015-10-06T08:19:57+0000

From https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields :

[...] many modern browsers do not support autocomplete = "off" for login fields.
if the site sets autocomplete = "off" for the form, and the form includes the username and password input fields, the browser will still offer to remember this login, and if the user agrees, the browser will automatically fill in these fields, the next time the user visits this page.
If the site sets autocomplete = "off" for the username and password input fields, the browser will still offer to remember this login, and if the user agrees, the browser will automatically execute these fields the next time the user visits this page.

Although reasoning behind this is controversial, it is intended behavior.

Balusc · Answer 2 · 2015-12-03T08:35:03+0000

Modern browsers with a built-in password manager ignore autocomplete="off" in login forms (usually this is a form with <input type="password"> ). When the end user registers for the first time through this form, the browser asks the end user whether to remember the login for this site or not. If the end user selects No, the default behavior will continue (therefore, the autocomplete attribute will be respected regardless of its value). However, if the end user selects Yes, the default behavior will be overridden, and it will behave as if autocomplete always on. This is the browser configuration option that is enabled by default. It is also mentioned in MDN .

You can get around this by simply using Ajax to submit the form. In other words, instead of using the synchronous HTML POST form “plain vanilla”, use XMLHttpRequest (if necessary indirectly, for example, jQuery or the equivalent). Current browsers do not recognize the login via Ajax and therefore will not ask the end user to remember the login.

If your web infrastructure does not offer built-in Ajax tools, consider throwing in jQuery . Then we are talking about the bottom lines to unobtrusively improve the existing form. The following example of a basic launch assumes that you have redesigned the server side to return text as true or false as an answer, depending on whether the input was successful or not. If necessary, you can conditionally answer depending on the value of the X-Requested-With header:

 $(document).on("submit", "#loginFormId", function() { var $form = $(this); $.post($form.attr("action"), $form.serialize(), function(response) { if (response) { window.location = "home.html"; // Redirect to homepage. } else { $("#errorMessageId").text("Unknown login, please retry"); $form[0].reset(); } }); });

user5325596 · Answer 3 · 2015-10-06T08:09:02+0000

Are you using Chrome? Perhaps this error matters, especially this comment .

Commented on

autocomplete = "off" is NOT respected for Autofill data, regardless of whether or not the padding is saved. You can view the autofill data in chrome: // Settings / autofill. It includes addresses and credit cards.
autocomplete = "off" is still respected for Autocomplete data, both save and populate. I know the terminology is confusing. Autocomplete data is simply trying to match name attributes. So, if you entered " user@example.com " in the tab with name = "email" in the past and Chrome sees another name = "email address", Chrome will prompt you to complete this data. However, autocomplete = "off" will stop this.

caniuse.com is a good resource for checking which browsers support this feature.

kwnet.at · Answer 4 · 2017-10-25T12:14:11+0000

Workaround to prevent the browser from using a password, but using the password type ...

Try: <input type='text' ... onfocus=' this.type="password" ' autocomplete='off'/>

Daniel van der Wal · Answer 5 · 2019-08-29T14:57:35+0000

A little late for the party, but if the browser does not comply with autocomplete="off" , as in many modern browsers, I always use autocomplete="new-password" . Be sure to add this as the first property of the input element.

Read all about it in this MDN Web Doc

MADHUR GUPTA · Answer 6 · 2019-09-03T06:53:30+0000

autocomplete = "off" and autocomplete = "false" do not seem to work for both chrome and firefox, except for these two, you can write anything, for example, autocomplete = "none", this will work. Follow the links below: Chrome Automplete Disable Chrome AutoFill

Sam teng wong · Answer 7 · 2015-10-06T07:57:26+0000

I think you should be deleting "" on autocomplete and on name , because they are not values.

 <form autocomplete="off"> <input type="text" name="login" /> <input type="password" name="pswd" /> </form>

How to make autocomplete = off work in the login / password field in Firefox

More articles: