Username fields should have autocomplete="username". Password fields should have autocomplete="current-password". Password and retype fields where the user is supposed to enter a new password should have autocomplete="new-password". Spec, Chromium guidelines. This will make using browsers' built in password managers a better experience.
|Open||None||T263927 MediaWiki user and password fields should have the proper autocomplete value|
|Resolved||Tgr||T150983 Support arbitrary autocomplete values in OOUI\TextInputWidget|
Current behavior in Chrome 85:
- login form: username + password autofilled, password selection form is offered (ie. works as the user would expect)
- new password forms (change password special page, forced password change on login): same behavior as login form. There is no autocomplete for the retype field at all.
With the patch:
- login form: no change
- new password forms: the username offers the user's stored email addresses; password field offers password selection form with an extra "suggest password" option, password is copied to retype field when selected.
With the patch, but with no "username" hint on the username field in account creation:
the username only offers form history values; password field offers password selection form with an extra "suggest password" option; password is not copied to retype field when selected.
I'd like to test the behavior more and maybe file some bug reports / support questions with browser if I ever get around to it. The code change is complete but at a glance it did not seem to have all the effects I hoped. (For example, if you log in with a weak password and get the password change dialog, Chrome won't offer generating a new password, even though as far as I can see the form follows all their recommendations.)
@Sam1905571 I think the easy part is already done (apologies, I forgot to update the tags). That said if you are interested in proceeding with the task, the next step would be testing the various password forms (login, login with a weak password, signup, password change) in Chrome and checking how much they work as it's expected - does Chrome offer to generate a random password for new password fields? Does it retrieve a saved password for the old password fields? Does it properly save passwords?