diff --git a/defaults/main.yml b/defaults/main.yml
index 9b69d5fa..f2f9f76c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -82,6 +82,7 @@ horizon_time_zone: UTC
 horizon_enforce_password_check: False
 horizon_disable_password_reveal: False
 horizon_enable_password_retrieve: False
+horizon_enable_password_autocomplete: False
 # If nova_libvirt_inject_password is set to True, then this can also be enabled:
 horizon_can_set_password: False
 horizon_enable_cinder_backup: False
diff --git a/releasenotes/notes/horizon-enable-password-autocomplete-5f8f78a6c8f1edb3.yaml b/releasenotes/notes/horizon-enable-password-autocomplete-5f8f78a6c8f1edb3.yaml
new file mode 100644
index 00000000..d4741a16
--- /dev/null
+++ b/releasenotes/notes/horizon-enable-password-autocomplete-5f8f78a6c8f1edb3.yaml
@@ -0,0 +1,5 @@
+---
+security:
+  - Horizon disables password autocompletion in the browser by default, but
+    deployers can now enable autocompletion by setting
+    ``horizon_enable_password_autocomplete`` to ``True``.
diff --git a/templates/horizon_local_settings.py.j2 b/templates/horizon_local_settings.py.j2
index 771b3d8c..e5573054 100644
--- a/templates/horizon_local_settings.py.j2
+++ b/templates/horizon_local_settings.py.j2
@@ -94,7 +94,7 @@ OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "{{ horizon_keystone_default_domain }}"
 
 # Turn off browser autocompletion for forms including the login form and
 # the database creation workflow if so desired.
-#HORIZON_CONFIG["password_autocomplete"] = "off"
+HORIZON_CONFIG["password_autocomplete"] = "{{ (horizon_enable_password_autocomplete | bool) | ternary('on','off') }}"
 
 # Setting this to True will disable the reveal button for password fields,
 # including on the login form.