diff --git a/core/modules/user/src/Form/UserLoginForm.php b/core/modules/user/src/Form/UserLoginForm.php
index cdbcfa7c4e7b2b14042cf23717ead9e1b4230da1..e4f027381e12c75f4e7ae8298943f464892e5bfe 100644
--- a/core/modules/user/src/Form/UserLoginForm.php
+++ b/core/modules/user/src/Form/UserLoginForm.php
@@ -115,6 +115,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
         'autocapitalize' => 'none',
         'spellcheck' => 'false',
         'autofocus' => 'autofocus',
+        'autocomplete' => 'username',
       ],
     ];
 
@@ -123,6 +124,9 @@ public function buildForm(array $form, FormStateInterface $form_state) {
       '#title' => $this->t('Password'),
       '#size' => 60,
       '#required' => TRUE,
+      '#attributes' => [
+        'autocomplete' => 'current-password',
+      ],
     ];
 
     $form['actions'] = ['#type' => 'actions'];
diff --git a/core/modules/user/src/Form/UserPasswordForm.php b/core/modules/user/src/Form/UserPasswordForm.php
index 11407bce73ca31c1e25952f75affbff3d174adce..db5efc6180bfcd9b322eb3fbe3430d51c8eb0950 100644
--- a/core/modules/user/src/Form/UserPasswordForm.php
+++ b/core/modules/user/src/Form/UserPasswordForm.php
@@ -120,6 +120,7 @@ public function buildForm(array $form, FormStateInterface $form_state) {
         'autocapitalize' => 'off',
         'spellcheck' => 'false',
         'autofocus' => 'autofocus',
+        'autocomplete' => 'username',
       ],
     ];
     // Allow logged in users to request this also.
diff --git a/core/modules/user/tests/src/Functional/UserLoginTest.php b/core/modules/user/tests/src/Functional/UserLoginTest.php
index de192a168f2b22656630af28986fd445dc1de2bb..fe339e896ce5fa645802f587aabb345feeb9bf3c 100644
--- a/core/modules/user/tests/src/Functional/UserLoginTest.php
+++ b/core/modules/user/tests/src/Functional/UserLoginTest.php
@@ -343,4 +343,15 @@ public function resetUserPassword($user) {
     $this->submitForm([], 'Log in');
   }
 
+  /**
+   * Tests that user login form has the autocomplete attributes.
+   */
+  public function testAutocompleteHtmlAttributes() {
+    $this->drupalGet('user/login');
+    $name_field = $this->getSession()->getPage()->findField('name');
+    $pass_field = $this->getSession()->getPage()->findField('pass');
+    $this->assertEquals('username', $name_field->getAttribute('autocomplete'));
+    $this->assertEquals('current-password', $pass_field->getAttribute('autocomplete'));
+  }
+
 }
diff --git a/core/modules/user/tests/src/Functional/UserPasswordResetTest.php b/core/modules/user/tests/src/Functional/UserPasswordResetTest.php
index ab202ee7ea8d8d79c57e5c3e7bd46b2c326e6038..442a0cb8c6dab138f9d772556b8d1fbf70290920 100644
--- a/core/modules/user/tests/src/Functional/UserPasswordResetTest.php
+++ b/core/modules/user/tests/src/Functional/UserPasswordResetTest.php
@@ -642,4 +642,13 @@ public function testResetImpersonation() {
     $this->assertSession()->pageTextContains('You have tried to use a one-time login link that has either been used or is no longer valid. Request a new one using the form below.');
   }
 
+  /**
+   * Test the autocomplete attribute is present.
+   */
+  public function testResetFormHasAutocompleteAttribute() {
+    $this->drupalGet('user/password');
+    $field = $this->getSession()->getPage()->findField('name');
+    $this->assertEquals('username', $field->getAttribute('autocomplete'));
+  }
+
 }