Thanks for the report. There are several things with the issue you reported.
Firstly, it only affects people that use the browser password manager to autofill their passphrase on passbolt, and who do not click on the generate password when creating a new password afterward. So we can consider this more of an edge case than a security issue warranting an immediate fix. So in the short term, the best option, as @garrett pointed out, is to tell the browser password manager not to do this.
Secondly, I agree that in the long term it does make sense to fix this. Rather than autogenerating a password automatically, I think it is probably best to use the same technique as for the username, e.g. using autocomplete="off" (How to turn off form autocompletion - Web security | MDN). Of course, if others think differently, we can revisit.
I’ll create a ticket in our backlog to add this to a future development cycle.
We’ll keep this thread on the community forum open to track progress.