Maximise compatibility with password managers when resetting password

[johnbillion]

When I reset my password via the "Lost your password? " link on the login screen, my password manager doesn't prompt me to update my existing login credentials for that site. It's a really easy way to lose your new password.

Tested with:

• 1Password in Chrome on macOS
• Firefox built-in password manager on macOS

At a minimum, WordPress should work with the most popular password managers, including 1Password, LastPass, and the password managers built into Chromium-based browsers and Firefox, on desktop and mobile.

• What can WordPress do to maximise compatibility with password managers when resetting a password?
• Are there additional HTML attributes or hidden fields that should be implemented into the password reset process?
• Is the automatically generated password part of the problem?

[johnbillion]

From ​ the 1Password developer documentation :

On password reset and "forgot password" forms, include the username for the password that is being reset. This helps 1Password determine which item to update with the new password.

[swissspidy]

There's also the autocomplete="new-password" attribute that could potentially be used, see ​ https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete#values

[JavierCasares]

Yes, the “new-password” should be the way… probably changing that in the form at the user page will be a good first step.

More links for context:

• ​ https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands/
• ​ https://web.dev/articles/change-password-url
• ​ https://web.dev/articles/sign-in-form-best-practices