This is a companion and server-side response. I'm posting as an additional option.
Method advantage: it respects the autocomplete of the username, and only protects the password.
Using some server side language, you can change the name
of the password field to a pseudo-random string, and use a hidden field to store that string, thus:
<input type="text" name="usuario">
<input type="password" name="SYG2d7s6f1Sr874yYGJ4">
<input type="hidden" name="auxiliar" value="SYG2d7s6f1Sr874yYGJ4">
So, the (practically) password field will never be the same, taking away the effectiveness of what was previously saved under another name.
Then, in a language like PHP, just use it like this:
$auxiliar=$_POST['auxiliar']
$usuario=$_POST['usuario']
$senha=$_POST[$auxiliar]
Another complementary trick is to create two fields of type password
, some browsers understand this as probable form
of password reset, and do not save in this case (you can hide one of them with CSS, for example).