How to turn off password and email/username autocomplete.

form.html

<!--
  <form autocomplete="off"> will turn off autocomplete for the form in most browsers
  except for username/email/password fields
  -->
<form autocomplete="off">
  
  <!--  fake fields are a workaround for chrome/opera autofill getting the wrong fields -->
  <input id="username" style="display:none" type="text" name="fakeusernameremembered">
  <input id="password" style="display:none" type="password" name="fakepasswordremembered">
  
  <!--
    <input autocomplete="nope"> turns off autocomplete on many other browsers that don't respect
    the form's "off", but not for "password" inputs.
  -->
  <input id="real-username" type="text" autocomplete="nope">
  
  <!--
    <input type="password" autocomplete="new-password" will turn it off for passwords everywhere
    -->
  <input id="real-password" type="password" autocomplete="new-password">
  
</form>

That worked for me and my friend (@amandasantiagu), we are using the latest Chrome version 94.0.4606.81
We used it in React and it worked perfectly

<form autocomplete="off" style="100%">
        <input autocomplete="false" type="search" style=" overflow: hidden; display: none " />

        <input autocomplete="new-password">Your input info here </input>
</form>

use 'novalidate' on the form element
https://www.w3schools.com/tags/att_form_novalidate.asp

help me for this type for special password

If you want to prevent the browser's password manager from autofilling, check out @krozamdev/masked-password. It helps hide password inputs from autofill detection.

For now only found MS Edge Version 135.0.3179.98 (Official build) (arm64) to ignore autocomplete="off", so had to use autocomplete="new-password"

The autocomplete="off" attribute should prevent most browsers from autofilling the field, but some browsers may still autofill due to their internal heuristics. To further prevent autofill, you can try using a non-standard value for the autocomplete attribute, such as autocomplete="new-password", a non-standard value that browsers typically do not recognize for autofill purposes. This effectively disables the browser's autofill behavior for the input field.

ref. https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofilling-form-controls:-the-autocomplete-attribute

I have tried multiple approaches mentioned above including disabling autocomplete (autocomplete="new-password", autocomplete="off", autocomplete="some wierd name",... etc, using randomised input names, syncing custom masked fields to hidden inputs, injecting fake username fields, clearing inputs on load, and applying readonly+on-focus tricks.

All seem to fail to consistently suppress Chrome’s aggressive behaviour on password fields to fix this particular issue.

NOTE: I have tested these changes on firefox, safari, arc and they seem to do the job, it is on chrome where they draw the line 😄

ref:

• https://developer.mozilla.org/en-US/docs/Web/Security/Practical_implementation_guides/Turning_off_form_autocompletion#Preventing_autofilling_with_autocompletenew-password
• https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands
• whatwg/html#3531

Oh, that's good to know - hopefully Firefox also fixes and rejects this shitty behaviour. Making things both harder and less secure for users is evil and kinda stupid.