Introduction
An information security report identified a vulnerability: after the login form is submitted, the browser asks to "save password", and this saved password can be decrypted easily.
Background
When I started to fix this issue, I searched the whole internet and could not find an answer to this. Most people said that it is the job of the user to select what he wants. But the development team might not want to take its chances and emphasized that it be fixed.
Using the Code
Well, after a hopeless search over the internet and trying many things like the legendary "autocomplete=off" option (which didn't work, although it helped me to deceive the auto form fill functionality of browsers), I wrote a dummy password field, set its style="display:none", and kept my original <html:password> field intact after that dummy input field, and this worked for me to deceive the browsers.
The original implementation was like this:
<td align="right" id="any">
<html:password property="password"
redisplay="false" styleClass="any" maxlength="10"/>
</td>
With this markup, whenever a user submits the form, the browsers (Internet Explorer 11, Chrome) pop up a prompt like "Would you like to save Password".
What did the trick was modifying it this way:
<input type="password" style="display:none"/>
<td align="right" id="any">
<html:password property="password"
redisplay="false" styleClass="any" maxlength="10"/>
</td>
Points of Interest
Browsers always look at the first password field and use it to decide on any further action. With the above trick, what the browsers now see is an empty password field, so they don't prompt to "save password".
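A regression check for the layout described above, as an added example that is not part of the original article: it parses rendered login HTML and confirms that a nameless, display:none password input precedes the real field and that the real field comes back with no value (the effect of redisplay="false"). The function names and the rendered markup samples are constructed for illustration, and the exact HTML emitted by the <html:password> tag is an assumption.

```python
from html.parser import HTMLParser

class PasswordFields(HTMLParser):
    """Collect the attributes of every <input type="password">, in document order."""
    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            self.fields.append(a)

def check_login_markup(html):
    """Return a list of problems; an empty list means the decoy layout is intact."""
    parser = PasswordFields()
    parser.feed(html)
    fields = parser.fields
    if len(fields) < 2:
        return ["expected decoy + real password field, found %d" % len(fields)]
    decoy, real = fields[0], fields[1]
    problems = []
    if "display:none" not in decoy.get("style", "").replace(" ", "").lower():
        problems.append("first password field is not display:none")
    if "name" in decoy:
        # A named input is submitted with the form even when it is not displayed.
        problems.append("decoy has a name and would be submitted with the form")
    if not real.get("name"):
        problems.append("real password field has no name")
    if real.get("value"):
        problems.append("real password field echoes a value")
    return problems

# Constructed samples of rendered output (assumed shape of the Struts tag's HTML).
REAL = ('<td align="right" id="any"><input type="password" name="password" '
        'maxlength="10" value="" class="any"></td>')
DECOY = '<input type="password" style="display:none"/>'
WITH_DECOY = DECOY + REAL   # the modified page
ORIGINAL = REAL             # the page before the change
DECOY_LAST = REAL + DECOY   # decoy moved after the real field by a later edit

if __name__ == "__main__":
    for label, html in [("with decoy", WITH_DECOY), ("original", ORIGINAL),
                        ("decoy last", DECOY_LAST)]:
        print(label, "->", check_login_markup(html) or "ok")
```

The check only verifies the markup; whether a given browser still suppresses its prompt has to be confirmed in that browser.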