How to avoid autocomplete username and password in a form in Chrome?
I have an admin form with username and password fields that Chrome populates as it has a username and password. I would like these fields to be auto-filled. I have searched many times and already tried the autocomplete tag (in input and form), offsets: not in the style tag, and a javascript call for unwrapped autocomplete ... and none of it worked.
Could you give me your hand?
Thank!
gist link https://gist.github.com/runspired/b9fdf1fa74fc9fb4554418dea35718fe
<!--
<form autocomplete="off"> will turn off autocomplete for the form in most browsers
except for username/email/password fields
-->
<form autocomplete="off">
<!-- fake fields are a workaround for chrome/opera autofill getting the wrong fields -->
<input id="username" style="display:none" type="text" name="fakeusernameremembered">
<input id="password" style="display:none" type="password" name="fakepasswordremembered">
<!--
<input autocomplete="nope"> turns off autocomplete on many other browsers that don't respect
the form "off", but not for "password" inputs.
-->
<input id="real-username" type="text" autocomplete="nope">
<!--
<input type="password" autocomplete="new-password" will turn it off for passwords everywhere
-->
<input id="real-password" type="password" autocomplete="new-password">
</form>
source to share
The reason browsers ignore autocomplete=off
is because some websites have tried to disable auto-complete passwords.
It is not right; and in July 2014 Firefox became the last major browser to finally implement a change that ignores any website that tries to disable password autocomplete.
- Bugzilla Bug 956906 - Ignore autocomplete = "off" when prompted to save passwords via a password manager
- Reddit discussion
- Chrome announcement when they started to ignore
autocomplete=off
Any attempt by any website to bypass browser preferences is wrong, so browsers ignore it. There is no reason a website should try to disable saving passwords.
- Chrome ignores it
- Safari ignores this
- IE ignores this
- Firefox ignores this
What if I'm a special snowflake ?
There are people who bring up a good use case:
I have a shared, public, kiosk-style computer. We don't want anyone (accidentally or intentionally) to save their password so that the next user can use it.
This does not contradict the statement:
Any attempt by any website to bypass browser settings is incorrect
This is because in the case of a shared kiosk:
- it is not a web server that has an Oddball policy
- this is a client user agent that has a miracle policy
The browser (shared computer) is one that requires it not to try to save passwords.
The correct way to prevent the browser from saving passwords
is to configure the browser not to save passwords.
Since you have locked down and control this kiosk computer: you control the settings. This includes the ability to save passwords.
In Chrome and Internet Explorer, these settings are configured using Group Policies (for example, registry keys).
From the list of Chrome policies :
AutoFillEnabled
Enable autocomplete
Data type: boolean (REG_DWORD)
Windows Registry Location: Software \ Policies \ Chromium \ AutoFillEnabled
Description: Enables the Chromium autocomplete feature and allows users to automatically fill out web forms using previously stored information such as address or credit card information. If you disable this setting, autofill will not be available to users. If you enable this option or do not set a value, autofill will remain under user control. This will allow them to customize autocomplete profiles and turn autocomplete on or off as they see fit.
Please give your corporate managers their word that the attempt to disable password autocomplete is incorrect. This is so wrong that browsers deliberately ignore anyone trying to do it. These people must stop doing wrong things. ™
tl; dr: My browser will remember my username for your website. If you don't like it: this is your problem. I will not sacrifice my preferences for yours.
source to share
I found work for chrome. I have not tried this in any other browser. Load the password field as type = "text" and then when the page finishes loading, change the type to password chrome will not autocomplete the username and password.
<input type="text" name="newPassword" id="newPassword" value="" class="form-control" autocomplete="off">
<script type="text/javascript">
$(document).ready(function(){
$('#newPassword').attr('type', 'password');
});
</script>
source to share
Adding autocomplete = "thing" attributes doesn't help me. My form has a text input type and Chrome fills it with login details all the time. Adding hidden text input didn't help either. But the solution was to add a couple of hidden input fields with text and password types in front of the visible inputs
<input type="text" style="width:0;height:0;visibility:hidden;position:absolute;left:0;top:0" />
<input type="password" style="width:0;height:0;visibility:hidden;position:absolute;left:0;top:0" />
Tested with Chrome version 74
source to share
I ended up doing something like this:
<input type="password"
id="password-field"
onClick="yourFunction()"
class="form-control"/>
function yourFunction() {
var temporalValue = $('#password-field').val();
$('#password-field').val("");
$('#password-field').attr('type', 'text');
myAjaxRequestPromise(temporalValue).then(function(version) {
//more logic
}, function(errorResponse) {
// Just a hack to fool browsers and do not store my password
$('#password-field').val(temporalValue);
$('#password-field').attr('type', 'password');
// more logic
});
}
And always make sure to $('#password-field').val("")
initialize the field with no values, this can be whenever you show your modal or on the load page callback.
Seems to work fine for Safari / Chrome / Firefox
It basically switches between input types before making an Ajax request to the server, and in case of error, we return the old value for input again.
source to share
To prevent Chrome from automatically detecting your idea of your username (and so that anyone and everyone accessing the account or just annoying poo from anyone with more than one username), specify the value `` (blank space ) for the username.
<input type='text' value = ' ' name = 'username' />
source to share
In HTML 5, you can do it in one of two ways ...
<form action="demo_form.asp" autocomplete="off">
Or individual control
<input type="email" name="email" autocomplete="off">
For more information - http://www.w3schools.com/html/html5_form_attributes.asp
source to share