diff --git a/core/modules/user/lib/Drupal/user/AccountFormController.php b/core/modules/user/lib/Drupal/user/AccountFormController.php index 512f703cf678af05f0fbc3b1cf208e26630f5668..7a1001d9fa63086b9bc533b2ba9c4ceb6fc6f256 100644 --- a/core/modules/user/lib/Drupal/user/AccountFormController.php +++ b/core/modules/user/lib/Drupal/user/AccountFormController.php @@ -95,6 +95,9 @@ public function form(array $form, array &$form_state, EntityInterface $account) '#access' => !empty($protected_values), '#description' => $current_pass_description, '#weight' => -5, + // Do not let web browsers remember this password, since we are + // trying to confirm that the person submitting the form actually + // knows the current one. '#attributes' => array('autocomplete' => 'off'), );