brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

Crypto wallet recovery codes can end up saved in autofill #24757

Open fmarier opened 2 years ago

fmarier commented 2 years ago

https://community.brave.com/t/browser-saves-an-entered-seed-phrase-for-nufi-wallet-under-adresses-and-more-in-the-autofill-settings/424932

Users should of course reach out to the extension authors and point this bug out to them, but we should ideally do something about this in the browser too.

Possible mitigations:

Slack discussion: https://bravesoftware.slack.com/archives/C8MP8ME4C/p1660765334778059 (most details are copied here)

refi93 commented 2 years ago

FYI, we fixed the issue on NuFi web/extension's end this week - autocomplete is no longer triggered when entering the seed phrase during recovery. As pointed out in the forum thread, we recommend clearing the autocomplete history to wipe the wallet's seed phrase words stored by the browser's autocomplete while the bug was there.

terafirmanz commented 1 year ago

I have noticed that this shows up in other places. From what I can tell, Brave ignores the autocomplete="one-time-code" HTML attribute on fields. This, I have noticed, means that TOTP MFA codes are being kept for sites that should be ignored, as it removes the protection of MFA for that user until the code has expired.
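An added example, not code from this issue, from Brave or from NuFi, of the web-side mitigation refi93 describes and the attribute terafirmanz mentions: a recovery form whose seed-word inputs opt out of browser autofill, plus a small audit that flags sensitive-looking inputs that still allow it. The field-name hints, the input names and the regex-based tag parser are constructed assumptions for the example.

```javascript
// Added example (not part of the Brave issue or the NuFi project): build a
// seed-phrase recovery form whose inputs opt out of browser autofill, and
// audit arbitrary form markup for sensitive fields that still allow autofill.
// Uses a deliberately small regex-based scan of <input ...> tags; no DOM needed.

// Constructed list of name fragments a wallet or MFA UI typically uses.
const SENSITIVE_NAME_HINTS = ["seed", "mnemonic", "recovery", "otp", "totp", "code"];

// Build N seed-word inputs. autocomplete="off" on both <form> and each <input>
// asks the browser not to record or suggest values; the inputs also get
// non-address-like names so heuristic autofill does not classify them as
// street/city fields (the failure mode reported in the forum thread).
function buildRecoveryForm(wordCount) {
  const inputs = [];
  for (let i = 1; i <= wordCount; i++) {
    inputs.push(
      `<input type="password" name="mnemonic-word-${i}" autocomplete="off" spellcheck="false">`
    );
  }
  return `<form autocomplete="off" data-purpose="wallet-recovery">\n${inputs.join("\n")}\n</form>`;
}

// Parse the attributes of one <input ...> tag into an object (constructed parser;
// handles double-quoted values and bare boolean attributes only).
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\s*/i, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z-]+)(?:="([^"]*)")?/g;
  let m;
  while ((m = re.exec(body)) !== null) attrs[m[1].toLowerCase()] = m[2] ?? "";
  return attrs;
}

// Return the names of inputs that look sensitive but do not opt out of autofill.
// autocomplete="off" and autocomplete="one-time-code" are both accepted: the
// first asks the browser not to store the value, the second marks a TOTP/OTP
// field whose value should never be persisted.
function findAutofillRisks(html) {
  const risky = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const a = parseAttrs(tag);
    const name = (a.name || a.id || "").toLowerCase();
    const sensitive = SENSITIVE_NAME_HINTS.some((h) => name.includes(h));
    const optsOut = ["off", "one-time-code"].includes((a.autocomplete || "").toLowerCase());
    if (sensitive && !optsOut) risky.push(a.name || a.id || "(unnamed)");
  }
  return risky;
}
```

These attributes are hints, not guarantees: as the thread itself reports, a browser may ignore them, so clearing stored autofill data remains the user-side cleanup once a value has been captured.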