Chrome Autofill doesn't respect autocomplete=off

<i>Chrome does not respect autocomplete=off (2018)</i> - <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=26309919" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=26309919</a> - March 2021 (74 comments)

Good. I have never, not once, seen autocomplete=off where it actually made sense, except in the minds of a developer who erroneously thinks it&#x27;s a good idea to block password managers.<p>I can imagine legitimate hypothetical use cases for it. I&#x27;ve just never seen a legitimate actual use case.<p>Edit: NIST says (in <a href="https:&#x2F;&#x2F;pages.nist.gov&#x2F;800-63-FAQ&#x2F;#q-b12" rel="nofollow">https:&#x2F;&#x2F;pages.nist.gov&#x2F;800-63-FAQ&#x2F;#q-b12</a>):<p>&gt; In SP 800-63B, NIST has not explicitly recommended the use of password managers, but recommends that verifiers permit the use of “paste” functionality so that the subscriber can use a password manager if desired.<p>I&#x27;ll take their word over some rando app developer who doesn&#x27;t want users to have a working 1Password setup.

Yes, I should have to read out and type my 30 character password from my password manager when sites use `autocomplete=off` and disable pasting on the confirm password field (at least for when I accidentally leave clipboard events on).

This is a low quality post; this linked bug appears to have thousands of comments, most of them are advocacy repetition, and I don’t know whether OP is trying to point out the technical workaround linked, advocating for this to be changed, or advocating against this being changed.<p>OP, I wish you’d written a blog post about what you see as relevant and interesting here, citing material from the bug and&#x2F;or elsewhere — and then posted <i>that</i> to HN. (And, no, altering the post title wouldn’t help; your title is correct for the link you provided - thank you for adding Chrome!)

Why is every top-level comment equating autocomplete with the ability to paste a password? Those are two explicitly different use cases, and one should <i>not</i> affect the other.<p>I don&#x27;t want my password fields autocompleting; that sounds like an absolute usability nightmare. Conversely, I don&#x27;t think browsers should even be <i>able</i> to stop me from pasting <i>whatever I damn well please</i> into a password field.<p>As to the other sentiments expressed here and in the main issue thread, I don&#x27;t really disagree with Google&#x27;s stance on autocomplete in regular form fields. I only really care about being able to remove invalid autocomplete entries that I may have mistakenly entered in the past (without simply deleting every entry).

I don&#x27;t respect it, either.

It hasn&#x27;t since at least 2015. And <i>good</i>.<p><a href="https:&#x2F;&#x2F;bugs.chromium.org&#x2F;p&#x2F;chromium&#x2F;issues&#x2F;detail?id=468153#c164" rel="nofollow">https:&#x2F;&#x2F;bugs.chromium.org&#x2F;p&#x2F;chromium&#x2F;issues&#x2F;detail?id=468153...</a>

&gt; Web applications developer KNOW THE CONTEXT OF THEIR USE CASE<p>I&#x27;ll believe this when web sites stop disabling paste