The Antiphishing Sandbox is our patent-pending method of ensuring passwords are only typed on authorized sites.

Since the sandbox prevents ALL keyboard input from being transmitted to the remote page, it can interfere with dynamic page elements, such as Google's suggestions.

Some sites *can* collect partial passwords by enabling this feature.  You can choose how many characters to *potentially* expose to an inauthentic site below.  4 characters is the default. 

If you choose to disable this feature, you can also always use the whitelist feature below to prevent input sandboxing.

Known good sites that can not host user-created content, and are unlikely to be compromised,  can be whitelisted from phishing protection.

Be careful with the scope of the whitelist.  "google.com" would be a poor whitelist since it contains both "www.google.com" (safe) and drive.google.com (unsafe).  

Create the most specific whitelist possible ("www.google.com" in the previous example) to prevent accidental exposure.