ARTICLE AD BOX
I have multiple web applications hosted on different subdomains of the same parent domain:
ONE.abc.ai TWO.abc.ai THREE.abc.aiEach application has its own login form (email + password).
Problem
When I log in to ONE.abc.ai and save the credentials in the browser, those credentials appear as autocomplete / password suggestions when I focus the login fields on TWO.abc.ai or THREE.abc.ai.
I want to prevent passwords saved for one subdomain from appearing as suggestions on the other subdomains.
What I’ve tried
Setting autocomplete="off" on the form and inputs
Using different name attributes for email/password fields
Using:
autocomplete="new-password"Verified that each app has its own backend and login logic
None of these reliably prevent the browser from showing saved credentials from other subdomains.
Constraints / Notes
All apps are under the same parent domain (abc.ai)
This behavior occurs in Chrome and Edge (haven’t deeply tested Firefox yet)
I’m looking for a browser-compliant solution, not a JS hack that may break UX or accessibility
Question
Is it possible to completely prevent browser password managers from suggesting credentials across subdomains?
If not, what is the recommended / best-practice approach to handle authentication across multiple subdomains while avoiding this issue?
Are there any HTML standards or browser-supported mechanisms to scope saved credentials more strictly than the parent domain?
