chore(security): disable autocomplete on sensitive input fields

Disable autocomplete on authentication and security-related forms to prevent
browsers from storing sensitive credentials. This affects sign-in, password
reset, account security, and onboarding forms across admin, web, and space apps.

Modified components:
- Auth forms (email, password, unique code, forgot/reset/set password)
- Account security pages
- Instance setup and profile onboarding
- Shared UI components (auth-input, password-input)

Author: prateekshourya29

apps/admin/app/(all)/(home)/sign-in-form.tsx

@@ -140,7 +140,7 @@ export function InstanceSignInForm() {
                 placeholder="[email protected]"
                 value={formData.email}
                 onChange={(e) => handleFormChange("email", e.target.value)}
-                autoComplete="on"
+                autoComplete="off"
                 autoFocus
               />
             </div>
@@ -159,7 +159,7 @@ export function InstanceSignInForm() {
                   placeholder="Enter your password"
                   value={formData.password}
                   onChange={(e) => handleFormChange("password", e.target.value)}
-                  autoComplete="on"
+                  autoComplete="off"
                 />
                 {showPassword ? (
                   <button

apps/admin/core/components/instance/setup-form.tsx

@@ -204,7 +204,7 @@ export function InstanceSetupForm() {
                 value={formData.email}
                 onChange={(e) => handleFormChange("email", e.target.value)}
                 hasError={errorData.type && errorData.type === EErrorCodes.INVALID_EMAIL ? true : false}
-                autoComplete="on"
+                autoComplete="off"
               />
               {errorData.type && errorData.type === EErrorCodes.INVALID_EMAIL && errorData.message && (
                 <p className="px-1 text-11 text-danger-primary">{errorData.message}</p>
@@ -244,7 +244,7 @@ export function InstanceSetupForm() {
                   hasError={errorData.type && errorData.type === EErrorCodes.INVALID_PASSWORD ? true : false}
                   onFocus={() => setIsPasswordInputFocused(true)}
                   onBlur={() => setIsPasswordInputFocused(false)}
-                  autoComplete="on"
+                  autoComplete="new-password"
                 />
                 {showPassword.password ? (
                   <button
@@ -288,6 +288,7 @@ export function InstanceSetupForm() {
                   className="w-full border border-subtle !bg-surface-1 pr-12 placeholder:text-placeholder"
                   onFocus={() => setIsRetryPasswordInputFocused(true)}
                   onBlur={() => setIsRetryPasswordInputFocused(false)}
+                  autoComplete="new-password"
                 />
                 {showPassword.retypePassword ? (
                   <button

apps/space/core/components/account/auth-forms/email.tsx

@@ -69,7 +69,7 @@ export const AuthEmailForm = observer(function AuthEmailForm(props: TAuthEmailFo
             onChange={(e) => setEmail(e.target.value)}
             placeholder="[email protected]"
             className={`disable-autofill-style h-10 w-full placeholder:text-placeholder autofill:bg-danger-subtle border-0 focus:bg-none active:bg-transparent`}
-            autoComplete="on"
+            autoComplete="off"
             autoFocus
             ref={inputRef}
           />

apps/space/core/components/account/auth-forms/password.tsx

@@ -153,7 +153,7 @@ export const AuthPasswordForm = observer(function AuthPasswordForm(props: Props)
             className="disable-autofill-style h-10 w-full border border-subtle !bg-surface-1 pr-12 placeholder:text-placeholder"
             onFocus={() => setIsPasswordInputFocused(true)}
             onBlur={() => setIsPasswordInputFocused(false)}
-            autoComplete="on"
+            autoComplete="off"
             autoFocus
           />
           {showPassword?.password ? (
@@ -186,6 +186,7 @@ export const AuthPasswordForm = observer(function AuthPasswordForm(props: Props)
               className="disable-autofill-style h-10 w-full border border-subtle !bg-surface-1 pr-12 placeholder:text-placeholder"
               onFocus={() => setIsRetryPasswordInputFocused(true)}
               onBlur={() => setIsRetryPasswordInputFocused(false)}
+              autoComplete="off"
             />
             {showPassword?.retypePassword ? (
               <EyeOff

apps/space/core/components/account/auth-forms/unique-code.tsx

@@ -92,6 +92,7 @@ export function AuthUniqueCodeForm(props: TAuthUniqueCodeForm) {
             onChange={(e) => handleFormChange("email", e.target.value)}
             placeholder="[email protected]"
             className={`disable-autofill-style h-10 w-full placeholder:text-placeholder border-0`}
+            autoComplete="off"
             disabled
           />
           {uniqueCodeFormData.email.length > 0 && (
@@ -113,6 +114,7 @@ export function AuthUniqueCodeForm(props: TAuthUniqueCodeForm) {
           onChange={(e) => handleFormChange("code", e.target.value)}
           placeholder="123456"
           className="disable-autofill-style h-10 w-full border border-subtle !bg-surface-1 pr-12 placeholder:text-placeholder"
+          autoComplete="off"
           autoFocus
         />
         <div className="flex w-full items-center justify-between px-1 text-11 pt-1">

apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx

@@ -144,6 +144,7 @@ function SecurityPage() {
                       placeholder={t("old_password")}
                       className="w-full"
                       hasError={Boolean(errors.old_password)}
+                      autoComplete="current-password"
                     />
                   )}
                 />
@@ -184,6 +185,7 @@ function SecurityPage() {
                     hasError={Boolean(errors.new_password)}
                     onFocus={() => setIsPasswordInputFocused(true)}
                     onBlur={() => setIsPasswordInputFocused(false)}
+                    autoComplete="new-password"
                   />
                 )}
               />
@@ -226,6 +228,7 @@ function SecurityPage() {
                     hasError={Boolean(errors.confirm_password)}
                     onFocus={() => setIsRetryPasswordInputFocused(true)}
                     onBlur={() => setIsRetryPasswordInputFocused(false)}
+                    autoComplete="new-password"
                   />
                 )}
               />

apps/web/app/(all)/profile/security/page.tsx

@@ -142,6 +142,7 @@ function SecurityPage() {
                         placeholder={t("old_password")}
                         className="w-full"
                         hasError={Boolean(errors.old_password)}
+                        autoComplete="current-password"
                       />
                     )}
                   />
@@ -182,6 +183,7 @@ function SecurityPage() {
                       hasError={Boolean(errors.new_password)}
                       onFocus={() => setIsPasswordInputFocused(true)}
                       onBlur={() => setIsPasswordInputFocused(false)}
+                      autoComplete="new-password"
                     />
                   )}
                 />
@@ -224,6 +226,7 @@ function SecurityPage() {
                       hasError={Boolean(errors.confirm_password)}
                       onFocus={() => setIsRetryPasswordInputFocused(true)}
                       onBlur={() => setIsRetryPasswordInputFocused(false)}
+                      autoComplete="new-password"
                     />
                   )}
                 />

apps/web/core/components/account/auth-forms/email.tsx

@@ -68,7 +68,7 @@ export const AuthEmailForm = observer(function AuthEmailForm(props: TAuthEmailFo
             onChange={(e) => setEmail(e.target.value)}
             placeholder={t("auth.common.email.placeholder")}
             className={`disable-autofill-style h-10 w-full placeholder:text-placeholder autofill:bg-danger-primary border-0 focus:bg-none active:bg-transparent`}
-            autoComplete="on"
+            autoComplete="off"
             autoFocus
             ref={inputRef}
           />

apps/web/core/components/account/auth-forms/forgot-password.tsx

@@ -98,7 +98,7 @@ export const ForgotPasswordForm = observer(function ForgotPasswordForm() {
                 hasError={Boolean(errors.email)}
                 placeholder={t("auth.common.email.placeholder")}
                 className="h-10 w-full border border-strong !bg-surface-1 pr-12 placeholder:text-placeholder"
-                autoComplete="on"
+                autoComplete="off"
                 disabled={resendTimerCode > 0}
               />
             )}

apps/web/core/components/account/auth-forms/password.tsx

@@ -207,7 +207,7 @@ export const AuthPasswordForm = observer(function AuthPasswordForm(props: Props)
               className="disable-autofill-style h-10 w-full border border-strong !bg-surface-1 pr-12 placeholder:text-placeholder"
               onFocus={() => setIsPasswordInputFocused(true)}
               onBlur={() => setIsPasswordInputFocused(false)}
-              autoComplete="on"
+              autoComplete="off"
               autoFocus
             />
             <button
@@ -244,6 +244,7 @@ export const AuthPasswordForm = observer(function AuthPasswordForm(props: Props)
                 className="disable-autofill-style h-10 w-full border border-strong !bg-surface-1 pr-12 placeholder:text-placeholder"
                 onFocus={() => setIsRetryPasswordInputFocused(true)}
                 onBlur={() => setIsRetryPasswordInputFocused(false)}
+                autoComplete="off"
               />
               <button
                 type="button"