diff --git a/includes/seckit.form.inc b/includes/seckit.form.inc
index 7907318..095d1e8 100644
--- a/includes/seckit.form.inc
+++ b/includes/seckit.form.inc
@@ -360,6 +360,12 @@ function seckit_admin_form() {
 '#size' => 90,
 '#description' => t('Trustworthy destination. Possible variants are: !items', $args),
 );
+ $form['seckit_various']['disable_autocomplete'] = array(
+ '#type' => 'checkbox',
+ '#title' => t('Disable autocomplete on login and registration forms'),
+ '#default_value' => $options['seckit_various']['disable_autocomplete'],
+ '#description' => t('Prevent the browser from populating login/registration form fields using its autocomplete functionality. This as populated fields may contain sensitive information, facilitating unauthorized access.'),
+ );
 // Execute the default handlers first.
 $form = system_settings_form($form);
diff --git a/seckit.module b/seckit.module
index 693e76a..69d9dd3 100644
--- a/seckit.module
+++ b/seckit.module
@@ -535,13 +535,14 @@ function _seckit_get_options($reset = FALSE, $alter = TRUE) {
 );
 $default['seckit_various'] = array(
 'from_origin' => 0,
+ 'disable_autocomplete' => 0,
 );
 // get variables
 $result['seckit_xss'] = variable_get('seckit_xss', $default['seckit_xss']);
 $result['seckit_csrf'] = variable_get('seckit_csrf', $default['seckit_csrf']);
 $result['seckit_clickjacking'] = variable_get('seckit_clickjacking', $default['seckit_clickjacking']);
 $result['seckit_ssl'] = variable_get('seckit_ssl', $default['seckit_ssl']);
- $result['seckit_various'] = variable_get('seckit_various', $default['seckit_various']);
+ $result['seckit_various'] = variable_get('seckit_various', array()) + $default['seckit_various'];
 // enable Content Security Policy (CSP)
 if (!isset($result['seckit_xss']['csp']['checkbox'])) {
 $result['seckit_xss']['csp']['checkbox'] = 0;
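Review bot: The `#description` added for `disable_autocomplete` in seckit_admin_form() contains a broken sentence ("This as populated fields may contain…") and promises more than the setting can deliver. Current browsers and password managers commonly ignore `autocomplete="off"` on login fields, so the text should describe the option as a hint to the browser, for example `t('Ask the browser not to pre-fill login/registration form fields, since pre-filled fields can expose credentials on shared machines. Many browsers and password managers ignore this hint.')`. The body of seckit_admin_form() starts and ends outside this hunk.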
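Review bot: The new `variable_get('seckit_various', array()) + $default['seckit_various']` line in _seckit_get_options() needs a comment, because it is the only settings group read this way and the reason is not visible from the line itself. Something like `// Union with defaults so settings saved before a key existed still receive that key.` would do. The `+` operator raises a fatal error if the stored variable is ever not an array, so casting first, `(array) variable_get('seckit_various', array()) + $default['seckit_various']`, is worth considering. The four other groups in this hunk still fall back to defaults only when nothing is stored, so they appear to keep the gap this line closes; the function starts before and continues after the hunk.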
@@ -591,3 +592,18 @@ function _seckit_get_options($reset = FALSE, $alter = TRUE) {
 }
 return $result;
 }
+
+/**
+ * Implements hook_form_alter().
+ */
+function seckit_form_alter(&$form, &$form_state, $form_id) {
+ if (in_array($form_id, array('user_login', 'user_register_form', 'user_login_block'))) {
+ $options = _seckit_get_options();
+ if ($options['seckit_various']['disable_autocomplete']) {
+ $form['#attributes']['autocomplete'] = 'off';
+ if (isset($form['pass'])) {
+ $form['pass']['#attributes']['autocomplete'] = 'off';
+ }
+ }
+ }
+}
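Review bot: The `isset($form['pass'])` branch in seckit_form_alter() probably matches only the two login forms, so the registration form gets the form-level attribute but no per-field one. As far as I can tell, Drupal 7 core nests the account fields of `user_register_form` under `$form['account']`. If per-field coverage is intended there too, add a second guard such as `if (isset($form['account']['pass'])) { $form['account']['pass']['#attributes']['autocomplete'] = 'off'; }`, and check in the rendered markup that the attribute reaches the actual password inputs. Separately, `in_array()` is called without its third argument; passing `TRUE` makes the form-id comparison strict.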