Currently Firefox honors autocomplete=off for any form, including login forms, even if the password manager is protected with a master password. While the reasoning behind this is somewhat understandable (banks being jerks and threatening to block firefox) I doubt it's still relevant nowadays - firefox is widespread enough so it's unlikely that a bank will block it for allowing users to save login credentials. However, this use-case aside, the attribute is abused nowadays and sites where there is not a single acceptable reason to use it add it to their login for. One place where I noticed it is Gearbox Shift (https://login.shift.gearboxsoftware.com/login), a GAMING related site where you cannot even buy things or do ANYTHING else that's actually harmful. Obviously I can remove the attribute using the developer tools but this is annoying even though it only need to be done once per site. For this reason I think the autocomplete=off handling should be reconsidered when the password manager is involved. Some possible options would be: - Completely ignore autocomplete=off for login forms. - Completely ignore it but only if a master password is set. For enhanced security, the master password could be prompted again to actually autocomplete the password for that form (should have an about:config option though). - When autocomplete=off is set, show a different "save password?" prompt. It could mention that the site discourages saving the password and ask the user if he really wants to do so.

Wontfix likely. See bug 245333, bug 318667 and bug 389185.

Yes, this is a dupe of the first bug that Loic mentioned. Discussing revisiting this behaviour would happen on https://mail.mozilla.org/listinfo/firefox-dev