What scuppers a browser's 'remember login' logic?

For web sites that have username/password text input fields, the browser usually handily offers to remember them for you (in my case, Safari puts them in my OS X keychain).

This simply does not happen with certain web sites. The first example that comes to mind is vBulletin forums. Meaning you can't use a complex/random password unless you're willing to copy and paste it from somewhere each time.

Are browsers detecting when to offer to remember these by "does this look like a username/pas开发者_运维百科sword" heuristics and failing sometimes?

How does this work behind the scenes?

Edit: Fellow Safari users, check out this combo:

http://8-p.info/greasekit/

http://userscripts.org/scripts/show/8021

http://userscripts.org/scripts/show/28696

There's an 'autocomplete="off"' attribute on form (not officially in HTML4, but generally supported).

Try this:

<form id="loginForm" action="login.cgi" method="post" autocomplete="off">

You could use <FORM METHOD="post" ACTION="action.cgi" AUTOCOMPLETE="off"> but this only works in IE I think.

You could also use a random string for the password field ID so that the browser cannot be sure that a previously entered password is authenticating the same page this time round.

Another strategy would be to not use type="password" as the browser uses this to identify a field as a password - however, this is not a good idea as the password would not be blanked out when the user types it into the form. Any javascript to emulate this would not be executed if JS was disabled.

I think using the first two techniques would probably be as good a solution as is possible without resorting to advising your users to not allow the browser to store passwords.