Some browsers implement password management; when it enters a password in the form the browser gives the option to save it, when the site is visited again, the field is auto-filled. What's more, the browser allows the user to choose a "master password" that will be used to encrypt the stored data.
So some browsers do not support autocomplete="off"
.
If you set autocomplete in a password field for example, the browser will allow the user to save the password for the next time the user visits the page. That's why some browsers do not work.
This occurs in Firefox (since version 38), Google Chrome (since 34), and Internet Explorer (since version 11).
In some cases, the browser will autocomplete to complete automatically, even if the attribute is set to off
.
The correct thing your security team should recommend would be autocomplete="nope"
. Since this random value is not a valid value , then the browser will give up filling it.
This is a unique customer issue, if the client selects to save the password, the browser will give priority to it.
This is really debatable. I'll be doing a broader reading and I'll be editing that answer.
Bookstore:
Security - Mozilla