Since version 34, Chromium/Chrome ignores the autocomplete="off" attribute on forms or input fields. Recent versions of other browser do the same, although implementation details vary.

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

• Prevents you from data breaches and liability risks
• Upgrade at your own pace
• Works with modern Rubies

Read more Show archive.org snapshot

This is especially problematic for admin areas because Chrome might automatically fill in a password on a "add new user" forms.

Chrome developers say this is by design Show archive.org snapshot as they believe it encourages users to store more complex passwords.

Recommended fix for Chrome and Firefox

For exactly this use case, Chrome and Firefox now allow to mark password fields with an attribute autocomplete="new-password". This will prevent the field to be filled in automatically.

Old workaround, possibly still necessary for IE

A possible workaround is to add invisible fields Show archive.org snapshot to the form. Note that the invisible fields will still be filled in:

<input type="text" name="email" value="" style="display: none" /> 
<input type="text" name="email" value="Alice"/>
<input type="text" name="not-an-email" value="" style="display: none" />
<input type="password" name="password" value="" style="display: none" /> 
<input type="password" name="password" value=""/>

Once there were extra hidden fields, Chrome stopped messing with my "real" input fields.
The not-an-email input might be necessary for Firefox, since it will sometimes expect a text field preceding a password field to be the username or email.