PCI compliance time again. Although not causing a fail, this sounds like something I would like to implement. Is there a way to have the login page NOT allow autocompletion of username and password?
PCI scan report says this: The web server running on this host uses password fields that allow auto-completion by users' browsers. This could allow a user's credentials to be stored by the browser and subsequently exposed if the user's computer becomes compromised. Modify the identified page so that the password field and the enclosing form tags have an attribute named "autocomplete" with a value of "off".