This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
> "The "off" keyword indicates either that the control's input data is particularly sensitive (for example the activation code for a nuclear weapon); — [4.10 Forms — HTML 5.1 Nightly Specs][1] It's a user choice: to save or not the form data regardless its sensivity. For password, in all major browsers ([Firefox 30][1], [Safari][3], [IE11][4], Chrome) they no longer rely on `autocomplete` attribute to prevent passwords being saved. I still agree with using it for disable auto fill when an alternative is provided or when the value will never be reused. But shouldn't use to "protect" sensitive data. [1]: http://www.w3.org/html/wg/drafts/html/master/forms.html#attr-fe-autocomplete-off [2]: https://developer.mozilla.org/en-US/Firefox/Releases/30/Site_Compatibility#%3Cform_autocomplete.3D.22off.22%3E_no_longer_prevents_passwords_from_being_saved [3]: http://lists.w3.org/Archives/Public/public-webapps/2013OctDec/1028.html [4]: http://lists.w3.org/Archives/Public/public-webapps/2014JanMar/0015.html
HTML5.1 Bugzilla Bug Triage: Won't fix. It is up to the web author to decide how to use this value the spec is only providing key examples on when to use it. We see no need to change this text at this time. If this resolution is not satisfactory, please copy the relevant bug details/proposal into a new issue at the W3C HTML5 Issue tracker: https://github.com/w3c/html/issues/new where it will be re-triaged. Thanks!