[mjthompson]

I'm sure there are valid reasons. Unfortunately, many sites disable it without a good reason, and in those cases, I am glad Chrome hinders their misguided efforts. Many banks, for instance, think password managers are bad and disable it. Chrome preventing them doing so is a good thing.

[andylynch]

They can be persuaded to change these policies. Asking why they aren’t following the current NIST (US) or NCSC (GB) password guidelines is helpful.

[Deestan]

I can't persuade my bank to revisit their security decisions in any reasonable time frame or within any reasonable amount of effort.

[Aeolun]

I do not. Ultimately it is up to the website owners, it shouldn’t be ignored by the browser if it’s part of the spec.

[noja]

Why do you think it is up to website owners, and not website users?

[Aeolun]

The website users do not write the HTML? They can set their browser to override whatever they want, but it should not be the default.

[jerf]

You can strengthen that... it is up to the users, as a matter of practical fact. I've right-clicked -> edit attribute -> autocomplete=true more than once. I've cleared the right-click handlers and keypress handlers that were blocking paste, or run $0.setAttribute("value", "paste your password here on the console where they can't stop you") (after you select the element in the inspector).

Browsers as they stand now are not capable of truly blocking autocomplete, or pasting into a field with an input box. If they aren't implementing their own text field with a canvas and taking keystrokes themselves they aren't blocking paste anyhow. (And if they do that I can still tampermonkey or something my way into a "paste".)