Skip to content

All password fields have a new password autocomplete attribute

From what I have looked at, most password fields have an invalid autocomplete for the current use case. Only two password fields in reForis should have this, and those are the New password and Repeat new password fields. All other password fields asking for the current password for authentication should use autocomplete="current-password".

Impact

This can have a negative impact on UX, as browsers will try to generate a new password for the field instead of filling it out.

Further reading

A resource I found really helpful for this was The HTML autocomplete attribute on MDN.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information