spec checked
HTML Standard autofill credential and webauthn tokens
Defines username, current-password, one-time-code, and webauthn autofill behavior, including sign-in pages that can offer saved passwords or public key credentials from the same credential field.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Sign in | Choose sign in when the user needs to start or restore an authenticated session for an existing account. | The sign-in form identifies the protected service or destination before requesting credentials. | The HTML Standard supports webauthn credential suggestions alongside current-password on sign-in pages. |
| Two-factor authentication | Choose two-factor authentication when the user must satisfy an additional factor after a primary credential, SSO return, passkey flow, risk signal, new device, or sensitive action. | The challenge appears only when the server requires additional verification and the protected action remains blocked until success. | The HTML Standard supports one-time-code and webauthn autocomplete behavior for authentication flows. |
Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: WHATWG. Last checked: .