<i>Chrome does not respect autocomplete=off (2018)</i> - <a href="https://news.ycombinator.com/item?id=26309919" rel="nofollow">https://news.ycombinator.com/item?id=26309919</a> - March 2021 (74 comments)
Good. I have never, not once, seen autocomplete=off where it actually made sense, except in the minds of a developer who erroneously thinks it's a good idea to block password managers.<p>I can imagine legitimate hypothetical use cases for it. I've just never seen a legitimate actual use case.<p>Edit: NIST says (in <a href="https://pages.nist.gov/800-63-FAQ/#q-b12" rel="nofollow">https://pages.nist.gov/800-63-FAQ/#q-b12</a>):<p>> In SP 800-63B, NIST has not explicitly recommended the use of password managers, but recommends that verifiers permit the use of “paste” functionality so that the subscriber can use a password manager if desired.<p>I'll take their word over some rando app developer who doesn't want users to have a working 1Password setup.
Yes, I should have to read out and type my 30 character password from my password manager when sites use `autocomplete=off` and disable pasting on the confirm password field (at least for when I accidentally leave clipboard events on).
This is a low quality post; this linked bug appears to have thousands of comments, most of them are advocacy repetition, and I don’t know whether OP is trying to point out the technical workaround linked, advocating for this to be changed, or advocating against this being changed.<p>OP, I wish you’d written a blog post about what you see as relevant and interesting here, citing material from the bug and/or elsewhere — and then posted <i>that</i> to HN. (And, no, altering the post title wouldn’t help; your title is correct for the link you provided - thank you for adding Chrome!)
Why is every top-level comment equating autocomplete with the ability to paste a password? Those are two explicitly different use cases, and one should <i>not</i> affect the other.<p>I don't want my password fields autocompleting; that sounds like an absolute usability nightmare. Conversely, I don't think browsers should even be <i>able</i> to stop me from pasting <i>whatever I damn well please</i> into a password field.<p>As to the other sentiments expressed here and in the main issue thread, I don't really disagree with Google's stance on autocomplete in regular form fields. I only really care about being able to remove invalid autocomplete entries that I may have mistakenly entered in the past (without simply deleting every entry).
It hasn't since at least 2015. And <i>good</i>.<p><a href="https://bugs.chromium.org/p/chromium/issues/detail?id=468153#c164" rel="nofollow">https://bugs.chromium.org/p/chromium/issues/detail?id=468153...</a>