Conversation

Since most web sites aren't marking up their forms this way, they gather information on forms across sites with telemetry and then distribute a bunch of generic and site-specific heuristics to cope with their forms: google.com/chrome/privacy That's the state of the web in 2022.
The web site is likely using an id/name for the input field and/or form that's associated with passwords. They might explicitly set it as a password input. In my opinion, Chrome shouldn't have these heuristics and this should be for web sites to set up based on web standards...
1