diff --git a/web/app.py b/web/app.py
index c36da2b..92c763c 100644
--- a/web/app.py
+++ b/web/app.py
@@ -964,6 +964,26 @@ async def action_users_disable(
     return RedirectResponse("/einstellungen/benutzer", status_code=303)
 
 
+@app.post("/actions/users/delete")
+async def action_users_delete(
+    request: Request,
+    target_id: int = Form(...),
+    csrf: str = Form(...),
+    admin=Depends(require_admin),
+):
+    require_csrf(admin["id"], csrf)
+    if target_id == admin["id"]:
+        raise HTTPException(400, "refusing to delete self")
+    target = db.get_user(target_id)
+    if not target:
+        return RedirectResponse("/einstellungen/benutzer", status_code=303)
+    db.delete_user(target_id)
+    db.log_audit(admin["username"], "user.deleted",
+                 f"target={target_id} username={target['username']}",
+                 user_id=admin["id"], ip=client_ip(request))
+    return RedirectResponse("/einstellungen/benutzer?deleted=1", status_code=303)
+
+
 # ---------------------------------------------------------------------------
 # Internal endpoints
 # ---------------------------------------------------------------------------
diff --git a/web/db.py b/web/db.py
index 449cbe4..b7b1459 100644
--- a/web/db.py
+++ b/web/db.py
@@ -304,6 +304,14 @@ def set_user_disabled(user_id: int, disabled: bool) -> None:
         )
 
 
+def delete_user(user_id: int) -> None:
+    """Remove a user and everything that cascades (profile, filters, notifications,
+    preferences, rejections, applications). Audit/error logs stay (user_id column
+    is nullable)."""
+    with _lock:
+        _conn.execute("DELETE FROM users WHERE id = ?", (user_id,))
+
+
 # ---------------------------------------------------------------------------
 # User profile / filters / notifications / preferences
 # ---------------------------------------------------------------------------
diff --git a/web/templates/_settings_profil.html b/web/templates/_settings_profil.html
index b8527d0..e604feb 100644
--- a/web/templates/_settings_profil.html
+++ b/web/templates/_settings_profil.html
@@ -3,6 +3,14 @@
 <form method="post" action="/actions/profile" class="grid grid-cols-1 md:grid-cols-2 gap-4"
       autocomplete="off" data-lpignore="true" data-1p-ignore data-form-type="other">
     <input type="hidden" name="csrf" value="{{ csrf }}">
+    {# Honeypot: Chrome/Firefox password managers ignore autocomplete="off" but
+       autofill the *first* email+password pair they find. These hidden fields
+       absorb that autofill so the visible E-Mail/Immomio-Passwort stay clean.
+       The server ignores unknown form fields. #}
+    <div aria-hidden="true" style="position:absolute; left:-10000px; top:auto; width:1px; height:1px; overflow:hidden;">
+        <input type="text" name="_autofill_sink_user" tabindex="-1" autocomplete="username">
+        <input type="password" name="_autofill_sink_pass" tabindex="-1" autocomplete="current-password">
+    </div>
 
     <div>
         <label class="block text-xs uppercase text-slate-500 mb-1">Anrede</label>
@@ -25,7 +33,8 @@
 
     <div>
         <label class="block text-xs uppercase text-slate-500 mb-1">E-Mail</label>
-        <input class="input" type="email" name="email" value="{{ profile.email }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
+        <input class="input" type="text" inputmode="email" name="email" value="{{ profile.email }}"
+               autocomplete="off" data-lpignore="true" data-1p-ignore>
     </div>
     <div>
         <label class="block text-xs uppercase text-slate-500 mb-1">Telefon</label>
@@ -95,7 +104,8 @@
     </div>
     <div>
         <label class="block text-xs uppercase text-slate-500 mb-1">Immomio-Email</label>
-        <input class="input" type="email" name="immomio_email" value="{{ profile.immomio_email }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
+        <input class="input" type="text" inputmode="email" name="immomio_email" value="{{ profile.immomio_email }}"
+               autocomplete="off" data-lpignore="true" data-1p-ignore>
     </div>
     <div>
         <label class="block text-xs uppercase text-slate-500 mb-1">Immomio-Passwort</label>
diff --git a/web/templates/_settings_users.html b/web/templates/_settings_users.html
index 6e18f44..ac261f5 100644
--- a/web/templates/_settings_users.html
+++ b/web/templates/_settings_users.html
@@ -1,39 +1,53 @@
 <h2 class="font-semibold mb-4">Benutzer verwalten</h2>
 
 {% if request.query_params.get('ok') %}<div class="chip chip-ok mb-4">Benutzer angelegt.</div>{% endif %}
+{% if request.query_params.get('deleted') %}<div class="chip chip-ok mb-4">Benutzer gelöscht.</div>{% endif %}
 {% if request.query_params.get('err') == 'exists' %}<div class="chip chip-bad mb-4">Benutzername existiert bereits.</div>{% endif %}
 
-<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
-    <div>
-        <h3 class="font-semibold mb-2">Neuen Benutzer anlegen</h3>
-        <form method="post" action="/actions/users/create" class="space-y-3 max-w-md">
-            <input type="hidden" name="csrf" value="{{ csrf }}">
-            <div>
-                <label class="block text-xs uppercase text-slate-500 mb-1">Benutzername</label>
-                <input class="input" name="username" required>
-            </div>
-            <div>
-                <label class="block text-xs uppercase text-slate-500 mb-1">Passwort (≥ 10 Zeichen)</label>
-                <input class="input" type="password" name="password" required>
-            </div>
+<section class="card p-5 mb-6">
+    <h3 class="font-semibold mb-3">Neuen Benutzer anlegen</h3>
+    <form method="post" action="/actions/users/create"
+          class="grid grid-cols-1 md:grid-cols-3 gap-3 items-end"
+          autocomplete="off" data-lpignore="true" data-1p-ignore data-form-type="other">
+        <input type="hidden" name="csrf" value="{{ csrf }}">
+        <div>
+            <label class="block text-xs uppercase text-slate-500 mb-1">Benutzername</label>
+            <input class="input" name="username" required autocomplete="off" data-lpignore="true" data-1p-ignore>
+        </div>
+        <div>
+            <label class="block text-xs uppercase text-slate-500 mb-1">Passwort (≥ 10 Zeichen)</label>
+            <input class="input" type="password" name="password" required
+                   autocomplete="new-password" data-lpignore="true" data-1p-ignore>
+        </div>
+        <div class="flex items-center gap-4">
             <label class="inline-flex items-center gap-2">
                 <input type="checkbox" name="is_admin">
-                <span>Administrator-Rechte</span>
+                <span>Administrator</span>
             </label>
-            <button class="btn btn-primary" type="submit">Anlegen</button>
-        </form>
-    </div>
+            <button class="btn btn-primary ml-auto" type="submit">Anlegen</button>
+        </div>
+    </form>
+</section>
 
-    <div>
-        <h3 class="font-semibold mb-2">Alle Benutzer</h3>
-        <div class="card divide-y divide-soft">
-            {% for u in users %}
-            <div class="px-3 py-2 flex items-center gap-2 text-sm">
-                <span class="flex-1">{{ u.username }}</span>
+<section class="card">
+    <div class="flex items-center justify-between px-4 py-3 border-b border-soft">
+        <h3 class="font-semibold">Alle Benutzer</h3>
+        <span class="text-xs text-slate-500">{{ users|length }}</span>
+    </div>
+    <div class="divide-y divide-soft">
+        {% for u in users %}
+        <div class="px-4 py-3 flex items-center gap-3 flex-wrap">
+            <div class="flex items-center gap-2 flex-1 min-w-0">
+                <span class="font-medium truncate">{{ u.username }}</span>
+                {% if u.id == user.id %}<span class="chip chip-info">du</span>{% endif %}
+            </div>
+            <div class="flex items-center gap-1.5">
                 {% if u.is_admin %}<span class="chip chip-info">Administrator</span>{% endif %}
                 {% if u.disabled %}<span class="chip chip-bad">deaktiviert</span>
                 {% else %}<span class="chip chip-ok">aktiv</span>{% endif %}
-                {% if u.id != user.id %}
+            </div>
+            {% if u.id != user.id %}
+            <div class="flex items-center gap-2 ml-auto">
                 <form method="post" action="/actions/users/disable">
                     <input type="hidden" name="csrf" value="{{ csrf }}">
                     <input type="hidden" name="target_id" value="{{ u.id }}">
@@ -42,9 +56,15 @@
                         {% if u.disabled %}aktivieren{% else %}deaktivieren{% endif %}
                     </button>
                 </form>
-                {% endif %}
+                <form method="post" action="/actions/users/delete"
+                      onsubmit="return confirm('Benutzer „{{ u.username }}“ dauerhaft löschen? Alle Profildaten, Filter, Bewerbungen und Einstellungen gehen verloren.');">
+                    <input type="hidden" name="csrf" value="{{ csrf }}">
+                    <input type="hidden" name="target_id" value="{{ u.id }}">
+                    <button class="btn btn-danger text-xs" type="submit">löschen</button>
+                </form>
             </div>
-            {% endfor %}
+            {% endif %}
         </div>
+        {% endfor %}
     </div>
-</div>
+</section>
diff --git a/web/templates/bewerbung_detail.html b/web/templates/bewerbung_detail.html
index 9977409..eec37e9 100644
--- a/web/templates/bewerbung_detail.html
+++ b/web/templates/bewerbung_detail.html
@@ -11,7 +11,7 @@
         <span class="chip chip-info">{% if application.triggered_by == 'auto' %}automatisch{% else %}manuell{% endif %}</span>
         {% if application.provider %}<span class="chip chip-info">{{ application.provider }}</span>{% endif %}
         {% if application.submit_forms_used %}<span class="chip chip-warn">echt gesendet</span>
-        {% else %}<span class="chip chip-info">Trockenmodus</span>{% endif %}
+        {% else %}<span class="chip chip-info">nicht abgeschickt</span>{% endif %}
 
         {% if application.success == 0 %}
         <a class="btn btn-danger text-sm ml-auto"
diff --git a/web/templates/bewerbungen.html b/web/templates/bewerbungen.html
index 9204e4d..e8429e2 100644
--- a/web/templates/bewerbungen.html
+++ b/web/templates/bewerbungen.html
@@ -15,7 +15,7 @@
                 <span class="chip chip-info">{% if a.triggered_by == 'auto' %}automatisch{% else %}manuell{% endif %}</span>
                 {% if a.provider %}<span class="chip chip-info">{{ a.provider }}</span>{% endif %}
                 {% if a.submit_forms_used %}<span class="chip chip-warn">echt gesendet</span>
-                {% else %}<span class="chip chip-info">Trockenmodus</span>{% endif %}
+                {% else %}<span class="chip chip-info">nicht abgeschickt</span>{% endif %}
                 <span class="text-slate-500 text-xs ml-auto"
                       title="{{ a.started_at|de_dt }}">{{ a.started_at|de_dt }}</span>
             </div>