diff --git a/doc/webauthn_autofill.rdoc b/doc/webauthn_autofill.rdoc
index 1445a59b..c4928dc2 100644
--- a/doc/webauthn_autofill.rdoc
+++ b/doc/webauthn_autofill.rdoc
@@ -10,6 +10,7 @@ independently from the autofill UI.
 
 == Auth Value Methods
 
+webauthn_autofill? :: Whether to activate the autofill UI on the login page.
 webauthn_autofill_js :: The javascript code to execute on the login page to enable autofill UI.
 webauthn_autofill_js_route :: The route to the webauthn autofill javascript file.
 webauthn_invalid_webauthn_id_message :: The error message to show when provided WebAuthn ID wasn't found in the database.
diff --git a/lib/rodauth/features/webauthn_autofill.rb b/lib/rodauth/features/webauthn_autofill.rb
index 82c2da00..c8428a72 100644
--- a/lib/rodauth/features/webauthn_autofill.rb
+++ b/lib/rodauth/features/webauthn_autofill.rb
@@ -4,6 +4,7 @@ module Rodauth
   Feature.define(:webauthn_autofill, :WebauthnAutofill) do
     depends :webauthn_login
 
+    auth_value_method :webauthn_autofill?, true
     auth_value_method :webauthn_autofill_js, File.binread(File.expand_path('../../../../javascript/webauthn_autofill.js', __FILE__)).freeze
 
     translatable_method :webauthn_invalid_webauthn_id_message, "no webauthn key with given id found"
@@ -37,7 +38,7 @@ def login_field_autocomplete_value
 
     def _login_form_footer
       footer = super
-      footer += render("webauthn-autofill") unless valid_login_entered?
+      footer += render("webauthn-autofill") if webauthn_autofill? && !valid_login_entered?
       footer
     end
 
diff --git a/spec/webauthn_autofill_spec.rb b/spec/webauthn_autofill_spec.rb
index da2ddfad..0b3bcaba 100644
--- a/spec/webauthn_autofill_spec.rb
+++ b/spec/webauthn_autofill_spec.rb
@@ -84,6 +84,20 @@
     page.find("#login")[:autocomplete].must_equal "email"
   end
 
+  it "should allow disabling autofill" do
+    rodauth do
+      enable :webauthn_autofill
+      hmac_secret '123'
+      webauthn_autofill? false
+    end
+    roda do |r|
+      r.rodauth
+      view :content=>""
+    end
+    visit "/login"
+    page.has_css?("#webauthn-auth-form").must_equal false
+  end
+
   it "should allow webauthn autofill via json" do
     rodauth do
       enable :webauthn_autofill, :logout