Q: Disable Safari 7.0.2 keychain password save

Have you tried removing the keychain for said website? For example, the one that you provided. I followed your instructions.

Typed "tester" in the username section. Then "user" in the password section. When prompted to save the password, I clicked save.

Closed the window and went back to it. I saw that both fields were taken up, "tester" and "****" for user. I clicked on Load random data into fields. Saw the random data, but then Safari overridden them.

Went into Safari---> Preferences---> Passwords and deleted the password associated with that website. Went back and clicked on Load Random Data Into Fields and it did just that.

I know it's not exactly what you are looking for, but it's an option.

Besides, I've had more than one Yahoo email address. If I were to double click the username, it gave me the option for both email addresses with their own password.

KOT

Then click on "Never for this Web Site."

KOT

The problem is in the default behaviour of Safari.  We can't expect novice users to make browser configuration changes.

As an illustration of the problem:

I administer a site and registered users have a profile page where they can change various parameters - including their email address.  Whenever a user goes to their profile page in Safari 7 it immediately overwrites their email field with their username.  They then can't save any changes to their profile until they replace their username with  a valid email address.  Why is Safari putting their username into an email address field?

I can prevent this behaviour by allowing users to change their username and hence exposing that field in their profile.  This is not ideal as I don't want people changing their identity at will.  However, this doesn't solve the underlying problem because when I, as the administrator, visit a user's profile it overwrites their email address with my username.

This is definitely a bug and not a feature.  A field that has a value tag, or autocomplete set to off, should not be overwritten by the browser.

This is a serious security issue. After you've logged out, another person on the same computer can log in to your account without even trying - just opening the page.

As a site owner it's a problem where we have very private data and have our pages written to prevent autofill. Safari recently began ignoring it and we have privacy at risk.

David,

Thanks for the link. Bug report lodged.

Hacky Solution....

I wrapped my login control around a div and set display:none.  I then used some JavaScript (JQuery) to wait a 1/2 second after the document was loaded and then displayed the div.  Since the fields are not visible the browser has nothing to fill.  They are coming up blank every time. 

Not the best solution, but will work until they are ready to start respecting autocomplete=off.

<div id="control" style="display:none">

...login fields

</div>

                        <script>

                            $(document).ready(function () {

                                setTimeout(function () {

                                    $('#control').toggle();

                                }, 500);

                            });

                        </script>

Hope This Helps...