[takeda]

I liked the old Opera approach to this. By default it did not fill the fields, unless you clicked on a Wand button, or used Ctrl+Enter shortcut.

This also worked really well with encrypted password storage (if you configured that key was forgotten after e.g. 10 minutes), it did not nag you to enter the password if you visited site where you stored password but did not intended to log in at given time.

There's an add-on for Firefox[1], but doesn't work as well as it did in Opera, and also it doesn't solve the password nagging issue, but I suppose it could help address the vulnerability mentioned here.

I really don't understand why all browsers insist to handle password this way.

[1] https://addons.mozilla.org/en-US/firefox/addon/secure-login/

[MiddleEndian]

I miss the magic wand so much. It also ignored autocomplete=false. Truly a tool that belonged to the user above all else.

[jamesgeck0]

Chrome doesn't fill in the fields by default either. The issue is what the autocomplete tool does after it has been activated, not how it's activated.

Also, while Opera's wand button filled in both login credentials and common form elements, Chrome's autocomplete is limited to common form elements.