15

This is the example:

https://drive.google.com/file/d/0B4CwNQ_rOoDVUVZSY3h0QXVBaG8/view

<asp:TextBox ID="TextBoxPassword" runat="server" TextMode="Password" autocomplete="off"></asp:TextBox>

I want to prevent the password autocomplete in my system. It seems it is not working with autocomplete="off". I could prevent it using $('#<%= TextBoxPassword.ClientID %>').val(""); when the window is loading, but in Chrome there is a another option call Use password for: and someone can get the password by using that. So how do I prevent it?

I don't mean the "yellow background" thing that belongs to chrome.

charitha amarasinghe
  • 481
  • 5
  • 16
  • 5
    possible duplicate of [Disabling Chrome Autofill](http://stackoverflow.com/questions/15738259/disabling-chrome-autofill) – Knelis Apr 22 '15 at 12:26
  • this is coming from the using browser. If it is having option to block that saved password using only to current aspx page I think it will be the solution. So any idea to block saved password blocking,it will be a great help. – charitha amarasinghe Apr 23 '15 at 04:03
  • 1
    Ok,,I got a trick for prevent unwanted password fill in my password text area. It is a hack !. I added another password text area and display:none for it. In that case I think the using browser can not identify the real area to fill his saved password . – charitha amarasinghe Apr 23 '15 at 09:11

3 Answers3

15

Use autocomplete="new-password", as per the specs.

Sebas
  • 19,640
  • 9
  • 48
  • 103
  • edit: whoops, totally overlooked the linked word. Mind pasting the relevant code here in case the link becomes dead? – Xyan Ewing Aug 15 '16 at 19:06
  • 1
    @Xyan I was able to add this directly to an ASP.NET TextBox tag like so: `` Adding this to *one* TextBox disabled autocomplete in Chrome on *all* the other password TextBoxes I have on my page, as well. Cheers! – Adrockski Aug 31 '16 at 17:28
  • 1
    this isn't working for me...has anything changed since this answer was posted? – jtate Jul 07 '17 at 13:37
  • 1
    "there doesn't seem to be any way programatically to turn that off. Only the end-user can" Well, the original question is, how can I as the end-user turn this feature off? If the answer has been posted above it it not clear, mixed in with the unworkable programming stuff. This feature is extremely dangerous as it gives anyone who uses my computer access to my bank account :( – Mick Jul 30 '17 at 13:12
3

In IE you need to do like this: 

<asp:TextBox ID="TextBoxPassword" runat="server" AutoCompleteType="Disabled"></asp:TextBox>

In all other browsers, this: 

<asp:TextBox ID="TextBoxPassword" runat="server" autocomplete="Off"></asp:TextBox>

Im pretty sure you need the 'off' to be: 'Off'

In HTML, as you mention you can use the; 

<form action="demo_form.asp" autocomplete="on">
  First name:<input type="text" name="fname"><br>
  Last name: <input type="text" name="lname"><br>
  E-mail: <input type="email" name="email" autocomplete="off"><br>
  <input type="submit">
</form

Either on the form or the input itself.

Maybe something else in your code is enabling it again?

Hope this works. Just tested and had no problem. Both IE and Chrome.

Krogh
  • 96
  • 5
  • HTML is not case sensitive, so it doesn't matter if you enter "Off", "off", "OFF" or "oFf". Note that if you're having trouble with Google Chrome's new "feature" to "Use password for" followed by the list of accounts that you have ever saved a password for, as of right now, there doesn't seem to be any way programmatically to turn that off. Only the end-user can. – UncaAlby Sep 09 '15 at 16:43
0

For me, none of those solved the issue. I found two workaround which solves it.

First, Chrome / FF / IE omits set autocomplete info to fields set to readonly, Second, also omits when the field(s) have init value != empty.

So, you need to setting the form fields to read only and then removing the attribute once the user focus them (can be done with Javascript, or programatically in code behind).

For example, in simple html:

<input readonly="readonly" onfocus="this.removeAttribute('readonly');" type="text" value="stored@domain.com">

In html-aspx:

<asp:TextBox runat="server" ID="TxtEmployeId" ReadOnly="true" MaxLength="100"/>

Alternatively / additionally, you can set a fixed value for the field (in the numeric field case, you can set to 0).

 if (!Page.IsPostBack)
 {
     TxtEmployeId.Text = "@";
 }

I know this solution is not confortable at all, for each field / page you have with the problem you need to apply this. But it works :)

Fer R
  • 122
  • 2
  • 7