Hello, I was told to open a ticket related to this issue
Previously in https://tracker.moodle.org/browse/MDL-55476 the option for "loginpasswordautocomplete" was removed. It was removed because, realistically to the general public, its not honored by browsers.
However, I believe this logic is unsound, or at the very least not enough to justify removal of this feature. Whether or not a flag is honored by a client browser is fully a client issue.
Burp Security Suite identifies forms with passwords and autocomplete enabled as a warning. These are all shown as "Password field does not have "autocomplete=off"" warnings.
These warnings turn into security issues on our monthly review. Previously we could just enable this setting, and the problem would be solved.
There are configurations of browsers within secured federal government environments that DO respect these settings. This might not be super useful to all users, but there are edge cases where this is an important feature (of which I am one I guess).
Perhaps add a warning that "This is not respected by most browsers" or something to that effect?
But I would like to revert this change, and reinclude the feature.