45

My Problem

I must have turned on google to autofill for a login on my site, however it is trying to now autofill that login data whenever I want to edit my account info or edit another users account info (as an admin). It fills in my data in weird spots. The issue seems to be that Chrome auto fills any input with a type of password and then whatever the input before it is (see image below). If I put a select box before it then it won't autofill.

Google autofilling registration with login details

I obviously don't want to have to go through and delete the password/phone every time I edit a user. I also don't want my users to have to do that when they are editing their own account. How do I remove it?

What I have tried (with no success)

  • Adding autocomplete="off" to the form as well as both the phone and password inputs.
  • Adding value="" to both inputs
  • Changing the name= of the password input. I tried pw, pass, password, and cheese (incase chrome was picking up the name)
  • Adding autocomplete="off" through the jquery .attr

What I have found

I found that Google may be intentionally ignoring autocomplete: Google ignoring autocomplete

I found another user posting a similar question but the solution is not working for me: Disable Chrome Autofill

I also found another user doing a work around involving creating a hidden password field which would take the google autocomplete, I'd prefer a cleaner solution as in my case I would also need a hidden input above it to avoid both from autofilling: Disable autofill in chrome without disabling autocomplete

5
  • Try to put other hidden password field in the form. It´s a dirty hack but only solution that works to me.
    – Marcio J
    Commented May 11, 2014 at 17:11
  • Yeah, that was one of the options I found, but I was looking to find a way that is not a hack.
    – Tyler
    Commented May 29, 2014 at 16:29
  • 2
    This is driving me crazy. I can't seem to find a non-hack way to tell google the purpose of the fields on my admin pages.
    – ewalk
    Commented Jun 6, 2014 at 9:19
  • Chrome might also be checking label value, not only input name. Some recommend replacing <label>Password:</label> with something like <label>Pa<span>ssword</span>:</label>. Didn't work for me. I also tried cleaning value with jQuery right after the page is loaded - no luck.
    – ZurabWeb
    Commented Sep 22, 2014 at 17:43
  • Please check my workaround here: stackoverflow.com/questions/15738259/disabling-chrome-autofill/…
    – Fareed Alnamrouti
    Commented Mar 16, 2016 at 8:29

10 Answers 10

Reset to default
59

In HTML5 with autocomplete attribute there is a new property called "new-password" which we can use to over come this issue. Following works for me. 

<input id="userPassword" type="password" autocomplete="new-password">

current-password : Allow the browser or password manager to enter the current password for the site. This provides more information than "on" does, since it lets the browser or password manager know to use the currently-known password for the site in the field, rather than a new one.

new-password : Allow the browser or password manager to automatically enter the new password for the site. This might be automatically generated based on the other attributes of the control, or might simply tell the browser to present a "suggested new password" widget of some kind.

Refer: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/password

1
  • 1
    Note: You unfortunately can't dynamically change autocomplete field. If your password field changes roles (maybe if a known user enters their email) then you should use two password fields - one of each type. [current Chrome as of today]
    – Simon_Weaver
    Commented Dec 30, 2018 at 8:10
14

This can be solved without hacks, but it is not necessarily intuitive. There are two weird decisions that Chrome makes. First, Chrome ignores autocomplete="off" in its parsing, and second, Chrome assumes the field that comes before a password field must be a username/email field, and should be autocompleted as such.

There are ways around this though that leverage the HTML5 autocomplete attribute spec.

As you will see in the link below, there are standard values for the attribute autocomplete. To avoid having Chrome assuming the field before a password is an email field, use either one of the official values (e.g., tel for a phone number), or make up a value that does not exist on the list, but is also not off or false.

Google suggests you use one of the standard values with new- prepended to the value, e.g., autocomplete="new-tel". If you want a password field to not autocomplete, you can use autocomplete="new-password", for instance.

While technically you could of course make the attribute something random without context to the same effect (e.g. autocomplete="blahblahblah"), I recommend the new- prefix as it helps give any future developer working on your code some context of what you're accomplishing with this attribute.

Ref: https://html.spec.whatwg.org/multipage/forms.html#autofilling-form-controls:-the-autocomplete-attribute

0
10

Sometimes even autocomplete=off would not prevent to fill in credentials into wrong fields, but not user or nickname field.

Fix: browser autofill in by readonly-mode and set writable on focus

 <input type="password" readonly onfocus="this.removeAttribute('readonly');"/>

(focus = at mouse click and tabbing through fields)

Update: Mobile Safari sets cursor in the field, but does not show virtual keyboard. New Fix works like before but handles virtual keyboard:

<input id="email" readonly type="email" onfocus="if (this.hasAttribute('readonly')) {
    this.removeAttribute('readonly');
    // fix for mobile safari to show virtual keyboard
    this.blur();    this.focus();  }" />

Live Demo https://jsfiddle.net/danielsuess/n0scguv6/ // UpdateEnd

Explanation: Browser auto fills credentials to wrong text field?

@Samir: Chrome auto fills any input with a type of password and then whatever the input before it is

Sometimes I notice this strange behavior on Chrome and Safari, when there are password fields in the same form. I guess, the browser looks for a password field to insert your saved credentials. Then it autofills username into the nearest textlike-input field , that appears prior the password field in DOM (just guessing due to observation). As the browser is the last instance and you can not control it,

This readonly-fix above worked for me.

5
  • and don't forget to add input[readonly] { cursor: text; } to your CSS
    – Juribiyan
    Commented Jun 17, 2016 at 16:58
  • 1
    @dsuess This solution works, but it brakes soft keyboard triggering on mobile-safari. Keyboard pop-up is not triggered by onfocus when input field is readonly. So this is the only workaround but it comes with a cost, the one that i am trying to solve right now
    – caniaskyouaquestion
    Commented Oct 27, 2016 at 7:06
  • @caniaskyouaquestion Thanks for pointing this out. Check out the updated script.
    – dsuess
    Commented Oct 30, 2016 at 13:39
  • 1
    This solution actually works. Unbelievable how something like autocomplete="off" doesn't work. When I am resetting password, I don't want to get the old password set into the field Google...
    – Bartando
    Commented Jan 23, 2019 at 21:34
  • This is an excellent implementation thank you saved me many a hour of searching!
    – d0rf47
    Commented Jan 5, 2021 at 18:23
2
  • fake inputs dont work
  • autocomplete="off" / "new-password" / "false" and so on dont work, chrome ingores them all

Solution that worked for us:

<script>
        $(document).ready(function(){

            //put readonly attribute on all fields and mark those, that already readonly
            $.each($('input'), function(i, el){
                if ($(el).attr('readonly')) {
                    $(el).attr('shouldbereadonly', 'true');
                } else {
                    $(el).attr('readonly', 'readonly');
                }
            });

            //Remove unnecessary readonly attributes in timeout
            setTimeout(function(){

                $.each($('input'), function(i, el){
                    if (!$(el).attr('shouldbereadonly')) {
                        $(el).attr('readonly', null);
                    }
                });

            }, 500);
        });
    </script>
1
  • Urgh! This should be the accepted answer - I have a page where chrome keeps clobbering a user-supplied token (not a password) with the wrong value and adapting this was the only thing that worked - thanks man!
    – Geoff Williams
    Commented Jun 12, 2019 at 8:34
1

Following @Rob Porter feedback, in my case this was happening on a single input field (a PIN field), where password was being suggested and other field in the form was being populated.

Solved the issue by adding a dummy input field right before the PIN input as such:

<input id="pin-dummy" name="pin-dummy" type="text" style="opacity:0%;width:1px;height:1px;position:absolute;left:0px;top:0px" />
<input id="pin" name="pin" type="password" autocomplete="new-password" />
0

Chrome has updates, fake inputs are not working any more.

Chrome seems to remember everything after an success 200 net connection, whatever input[type=password] is activated on the screen will be remembered.

I've tried dynamically set the inputs to type text, clearing the contents, they don't always work, especially when there is a button to get verify code before submitting the form.

Finally, I figured it out:

listen to inputs focus and blur events,

everytime blur:

var psw1 = $('input[name=psw1]').val();
$('input[name=psw1]').val((new Array(psw1.length)).join('*'));
$('input[name=psw1]').attr('type', 'text');

everytime focus:

$('input[name=psw1]').attr('type', 'password');
$('input[name=psw1]').val(psw1)

the side effect is obvious, input's content would change every focus and blur event, but this method prevent chrome from remembering password perfectly.

0

Opacity

We fixed this by adding a field and setting its opacity to 0. so chrome still think there is a field an filling it. 

    width: 0px !important;
    height: 0px !important;
    opacity: 0 !important;
0

I noticed that Chrome / FF browser ALWAYS auto-filled the text input immediately preceding the password field. So the simplest solution was to add a "dummy" input:

0

I handle this problem with some simple js

<input type="password" name="password" class="autocomplete-off" readonly="readonly">

// autocomplete
$('input.autocomplete-off').click(function () {
    $(this).removeAttr('readonly');
});
0

On my side the situation have been resolve by surronding my input with a form autocomplete="off".

<form autocomplete="off">
   <input placeholder="Ville" type="text" class="w3-input town-input" type="text" />
</form>

Working fine !!!!

Not the answer you're looking for? Browse other questions tagged or ask your own question.