There's a good reason they did this by the way.  One of the best security recommendations we have is "use a different and complex password for every different account".  Humans cannot do this reliably, we need password management software, and "autocomplete = off" breaks them.  So, you actually do not want to turn it off!

Excuse me @Nic Brough -Adaptavist-  but I haven't  completely understood your sentence.

Do you mean we should have installed specific third part password management software, which needs (for its way to work) to find the browsers allowing for autocompletion?

The scenario we deal with is to have some users (especially customers) loggin in, allowed to read only specific Confluence pages, and I have no control on the pc/laptop or mobile configuration they're using, so the possibility to avoid autocompletion could help in some cases.

We're looking for alternatives.

Not quite.  I'm saying people should use "password safes" and when they do, you do not want to turn off auto-complete.

If people do not use password safes, you will find they use weak passwords, or write them down in insecure places.  Either way, you do not want that to happen.  Encourage them to use password safes and do not disable it.

Hi Nic, thanks for feedback.

The problem we're facing is that we'd like need to allow several users from multiple machines and mobiles, also from ouside our organization.

Of course we'll encourage the use of password safes, but what I'd like to find is to limitate in somw way the further risk of access from unknown users who might have access on a device with a common user.

We had an example from a pc with common access in one of our meeting rooms. On this pc is possible to enter as a generic "meeting-room-user" (with some limitations, but browsing the web is not one of these limitations), and from this using a browser to enter in Jira (or Confluence) as a registered user. If the user saves the password in the browser, the next person using the room might have access to Jira without the need to insert a password, just selecting the previous user name logged in.

The point is that I cannot be sure that the same situation won't happen at one of our customer's sites.

In an ideal configuration (in my mind, I don't know of this could be really the best way) I'd like to allow a selected list of internal pcs' and windows system users with some more options (maybe auto completions and/or longer timeouts) but avoiding autocompletion and reducing timeouts to the minimum for any other pc and windows user, or other device. The point is to not have the daily work to be continuously interrupted by login requests (I can't ask my collaborators to act in Confluence as if they would be dealing with their web bank), but at the same time reduce the risks when the access is done from uncontrolled devices.

Sorry for the complicate explanation, I could probably have made it shorter :-) , but it's my first experience dealing with Atlassian and now quickly moving from 25 to 50 allowed users. 

I could also consider plugins, if any could work for this.

Ciao, Andrea