by orangepanda 1848 days ago
Are there any viable cases?
2 comments

Any business SaaS app where users like customer service representatives input data about their customers. Name, address, email, payment information and so on. Under no circumstances should these sorts of input fields be autofilled.
Or the data stored in the CSR browser history.
OTP one-time-password fields
Every time I log on to a certain system, Bitwarden types my password then I get a TOTP prompt. And it offers a pulldown menu half a screen long of previously entered codes.
autocomplete="one-time-code"

Any others?

Admin page where you create users for other persons. Not cool when browsers try to add your password as password for all the users you create.
Then there's

autocomplete="new-password"

good point!

But as soon as browsers stop autocompleting fields marked with autocomplete="one-time-code", won't website developers start marking _all_ input fields with this tag? After all, why do people put autocomplete="off" on input fields anyway?

autocomplete="one-time-code" causes a different type of autocomplete behaviour, it doesn't disable it. Specifically, for example, it will suggest a one-time code you received by SMS if one was recently sent (on mobile at least).
Chrome recommends wrong passwords, passwords from wrong subdomains, and passwords for pages that will never accept custom passwords.

It's broken as fuck.

Search fields. I don't want it filling in the user's address or email address when they're searching for a customer.

We have customer service representatives that accept orders over the phone, including credit card numbers. These should not get stored by the browser as autocomplete data.
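
An added example, not part of any comment in the thread: a static check of form markup against the autocomplete tokens suggested above (one-time-code for OTP fields, new-password on user-creation pages, off for customer, card and search fields). The field-name patterns and the sample markup are constructed assumptions, and the check reports what the markup declares, not how a given browser will treat it.

```python
import re
from html.parser import HTMLParser

# Hypothetical field-name patterns -> autocomplete token suggested in the thread.
# The patterns are assumptions for this sample, not a standard; first match wins.
RULES = [
    (re.compile(r"otp|totp|one[-_]?time", re.I), "one-time-code"),
    (re.compile(r"new[-_]?pass", re.I), "new-password"),
    (re.compile(r"card|cc[-_]?num|customer|search", re.I), "off"),
]

class _InputCollector(HTMLParser):
    """Collects the attributes of every form control in a document."""
    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("input", "textarea", "select"):
            self.inputs.append(dict(attrs))

def audit(html):
    """Return (field, expected, actual) for controls whose autocomplete
    attribute differs from the token expected for that kind of field."""
    collector = _InputCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.inputs:
        name = attrs.get("name") or attrs.get("id") or ""
        actual = (attrs.get("autocomplete") or "").strip().lower()
        for pattern, expected in RULES:
            if pattern.search(name):
                if actual != expected:
                    findings.append((name, expected, actual or None))
                break
    return findings

# Constructed sample markup for a CSR / admin page.
SAMPLE = """
<form>
  <input name="totp_code" inputmode="numeric">
  <input name="new_password" type="password" autocomplete="new-password">
  <input name="customer_email" type="email" autocomplete="email">
  <input name="card_number" autocomplete="off">
  <input name="customer_search" type="search">
</form>
"""

if __name__ == "__main__":
    for name, expected, actual in audit(SAMPLE):
        print(f"{name}: expected autocomplete={expected!r}, found {actual!r}")
```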