How do I prevent auto complete “Use password for:” option in chrome?

Question

I am doing a project using primefaces.

In that I am using user login page.

My problem is that, when I click on the password textbox (p:inputText) the suggestions for previously saved password value is appeared on the p:inputText.

I have tried autocomplete=“off” in p:inputText and I cleared my Chrome browser history on every login but still its not working well. Before I was using autocomplete="new-password" it was working fine and was not showing suggestions. But Now Chrome Version is updated to 58.0.3029.96 So, in latest version of chrome it is not working.

Any idea?

Answer 1

I faced the same problem with Safari and p:autoComplete PrimeFaces 5.0. My solution was to prefix value with a space (not empty, not blank) on focus and then trim the space on blur:

<p:autoComplete value="#{inputBean.operator}"... onfocus="this.value = ' ' + this.value;" onblur="this.value = this.value.trim();" onchange="this.value = this.value.trim();"/>

It worked for me. The space is hardly noticeable for user. Only problem is onblur() is not fired sometimes, I don't know why, so I include onchange() to be sure to trimming the value.

I tried to use this technic with p:password:

<p:password value="#{loginBean.password}" ... onfocus="this.value = ' ' + this.value;" onblur="this.value = this.value.trim();"

Though it works, it may startle user to find a dot (•) even before she/he starts writing, but it really prevents browser from autocomplete. Normal user reaction is to delete that dot and type her/his password; if dot is not deleted by user, onblur() does.

Answer 2

You should use p:password for password input, not p:inputText. p:password renders HTML input type="password", which makes a browser treat it properly in regards to safety. A browser will never autocomplete a password into a non-password field. But if you use a basic inputText then a browser doesn't know that it's a password.