解决这个问题最简单的方法是将INPUT字段放在FORM标记之外，并在FORM标记内部添加两个隐藏字段。然后在提交事件侦听器中，在表单数据提交到服务器之前，将值从可见输入复制到不可见输入。

下面是一个例子(你不能在这里运行它，因为表单动作没有设置为一个真正的登录脚本):

<!doctype html> <html> <head> <title>Login & Save password test</title> <meta charset="utf-8"> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script> </head> <body> <!-- the following fields will show on page, but are not part of the form --> <input class="username" type="text" placeholder="Username" /> <input class="password" type="password" placeholder="Password" /> <form id="loginForm" action="login.aspx" method="post"> <!-- thw following two fields are part of the form, but are not visible --> <input name="username" id="username" type="hidden" /> <input name="password" id="password" type="hidden" /> <!-- standard submit button --> <button type="submit">Login</button> </form> <script> // attache a event listener which will get called just before the form data is sent to server $('form').submit(function(ev) { console.log('xxx'); // read the value from the visible INPUT and save it to invisible one // ... so that it gets sent to the server $('#username').val($('.username').val()); $('#password').val($('.password').val()); }); </script> </body> </html>

其实不是——你唯一能做的就是在网站上提供建议;也许，在他们第一次登录之前，您可以向他们展示一个表单，其中的信息表明不建议他们允许浏览器存储密码。

然后，用户将立即按照建议，在便利贴上写下密码，并将其粘贴在显示器上。

除了

autocomplete="off"

使用

readonly onfocus="this.removeAttribute('readonly');"

对于您不希望他们记住的输入表单数据(用户名，密码等)，如下所示:

<input type="text" name="UserName" autocomplete="off" readonly 
    onfocus="this.removeAttribute('readonly');" >

<input type="password" name="Password" autocomplete="off" readonly 
    onfocus="this.removeAttribute('readonly');" >

在最新版本的主流浏览器(如谷歌Chrome, Mozilla Firefox, Microsoft Edge等)上进行了测试，效果非常好。

网站有没有办法告诉浏览器不要提供记住密码的功能?

该网站通过使用<input type="password">告诉浏览器这是一个密码。所以如果你必须从网站的角度来做这件事，那么你就必须改变它。(显然我不建议这样做)。

最好的解决方案是让用户配置浏览器，这样它就不会记住密码。

autocomplete="off"适用于大多数现代浏览器，但我使用的另一种方法是在Epiphany(一种支持webkit的GNOME浏览器)中成功工作，即在会话状态中存储一个随机生成的前缀(或一个隐藏字段，我碰巧在会话状态中已经有一个合适的变量)，并使用它来更改字段的名称。Epiphany仍然想要保存密码，但当返回到表单时，它不会填充字段。

真正的问题比在HTML中添加属性要深刻得多——这是常见的安全问题，这就是为什么人们为了安全发明了硬件密钥和其他疯狂的东西。

假设autocomplete="off"在所有浏览器中都能正常工作。这对安全有帮助吗?当然不是。用户将把密码写在课本上，写在每个办公室访客都能看到的显示器上贴的贴纸上，保存在桌面上的文本文件中等等。

一般来说，web应用程序和web开发人员不以任何方式对最终用户的安全负责。最终用户只能保护自己。理想情况下，他们必须把所有的密码都记在脑子里，并使用密码重置功能(或联系管理员)以防他们忘记密码。否则，总有一个风险，密码可以看到和窃取以某种方式。

所以，要么你对硬件密钥有一些疯狂的安全策略(比如，一些银行提供的网上银行基本上采用双因素认证)，要么基本上没有安全。当然，这有点夸张了。重要的是要了解你想要保护的是什么:

Not authorised access. Simplest login form is enough basically. There sometimes additional measures taken like random security questions, CAPTCHAs, password hardening etc. Credential sniffing. HTTPS is A MUST if people access your web application from public Wi-Fi hotspots etc. Mention that even having HTTPS, your users need to change their passwords regularly. Insider attack. There are two many examples of such, starting from simple stealing of your passwords from browser or those that you have written down somewhere on the desk (does not require any IT skills) and ending with session forging and intercepting local network traffic (even encrypted) and further accessing web application just like it was another end-user.

In this particular post, I can see inadequate requirements put on developer which he will never be able to resolve due to the nature of the problem - end-user security. My subjective point is that developer should basically say NO and point on requirement problem rather than wasting time on such tasks, honestly. This does not absolutely make your system more secure, it will rather lead to the cases with stickers on monitors. Unfortunately, some bosses hear only what they want to hear. However, if I was you I would try to explain where the actual problem is coming from, and that autocomplete="off" would not resolve it unless it will force users to keep all their passwords exclusively in their head! Developer on his end cannot protect users completely, users need to know how to use system and at the same time do not expose their sensitive/secure information and this goes far beyond authentication.