正如MDN: How to Turn Off Form Autocompletion所解释的那样：

Modern browsers implement integrated password management: when the user enters a username and password for a site,the browser offers to remember it for the user. When the user visits the site again,the browser autofills the login fields with the stored values.

Additionally,the browser enables the user to choose a master password that the browser will use to encrypt stored login details.

Even without a master password,in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them,they are able to choose stronger passwords than they would otherwise.

For this reason,many modern browsers do not support autocomplete="off" for login fields:

• If a site sets autocomplete="off" for a form,and the form includes username and password input fields,then the browser will still offer to remember this login,and if the user agrees,the browser will autofill those fields the next time the user visits the page.

• If a site sets autocomplete="off" for username and password input fields,the browser will autofill those fields the next time the user visits the page.

This is the behavior in Firefox (since version 38),Google Chrome (since 34),and Internet Explorer (since version 11).

If an author would like to prevent the autofilling of password fields in user management pages where a user can specify a new password for someone other than themself,autocomplete="new-password" should be specified,though support for this has not been implemented in all browsers yet.