Do you have a password field on your page as well? If not, consider generating a random field name and retrieving the value from the request object's key/value collection (potentially with a known prefix).
After experimenting with various methods to disable autocomplete and testing around 20 different combinations, it was discovered that the following approach successfully works across all modern browsers (including the latest versions of Firefox, Chrome, IE 11, and Edge)
One effective method is to add two dummy inputs (one text and one password) at the top of your form without any names or tabbing, but ensure they are styled to be hidden (for example, positioned offscreen rather than using display: none
)
For instance:
<input tabindex="-1" style="left: -9999px;" type="text">
<input tabindex="-1" style="left: -9999px;" type="password">
This technique even outsmarts browsers that typically target the first password field (regardless of its name) and associate autocomplete with the preceding input.