We did actually use sasb's idea for one site. It was a medical software web app to run a doctor's office. However, many of our clients were surgeons who used lots of different workstations, including semi-public terminals. So, they wanted to make sure that a doctor who doesn't understand the implication of auto-saved passwords or isn't paying attention can't accidentally leave their login info easily accessible. Of course, this was before the idea of private browsing that is starting to be featured in IE8, FF3.1, etc. Even so, many physicians are forced to use old school browsers in hospitals with IT that won't change.

So, we had the login page generate random field names that would only work for that post. Yes, it's less convenient, but it's just hitting the user over the head about not storing login information on public terminals.

The best solution:

Prevent autocomplete username (or email) and password:

<input type="email" name="email"><!-- Can be type="text" -->
<input type="password" name="password" autocomplete="new-password">

Prevent autocomplete a field:

<input type="text" name="field" autocomplete="nope">

Explanation: autocomplete continues work in <input>, autocomplete="off" does not work, but you can change off to a random string, like nope.

Works in:

• Chrome: 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63 and 64

• Firefox: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57 and 58

As others have said, the answer is autocomplete="off"

However, I think it's worth stating why it's a good idea to use this in certain cases as some answers to this and duplicate questions have suggested it's better not to turn it off.

Stopping browsers storing credit card numbers shouldn't be left to users. Too many users won't even realize it's a problem.

It's particularly important to turn it off on fields for credit card security codes. As this page states:

"Never store the security code ... its value depends on the presumption that the only way to supply it is to read it from the physical credit card, proving that the person supplying it actually holds the card."

The problem is, if it's a public computer (cyber cafe, library etc) it's then easy for other users to steal your card details, and even on your own machine a malicious website could steal autocomplete data.

Was a non-standard way to do this (I think Mozilla and Internet Explorer still support it) but messing with the users expectations is a bad idea.

If the user enters their credit card details in a form and then let's someone else use that browser it's not your concern. :)

A little late to the game...but I just ran into this problem and tried several failures, but this one works for me found on MDN

In some case, the browser will keep suggesting autocompletion values even if the autocomplete attribute is set to off. This unexpected behavior can be quite puzzling for developers. The trick to really force the no-completion is to assign a random string to the attribute like so :

autocomplete="nope"

Adding autocomplete="off" is not gonna cut it.

Change input type attribute to type="search".
Google doesn't apply auto-fill to inputs with a type of search.