Password Autofill:  Convenience Compromising Security?

You are currently viewing Password Autofill:  Convenience Compromising Security?

“What’s that password again? Wait, I changed it … Harrumph. I don’t remember!” We’ve all been there, sometimes many times a day. Password autofill on our Web browsers felt like the sun was shining on our online activity again. Sorry to tell you, but this convenience may not be entirely safe.

Most browsers will ask after you’ve entered a new password into a site or changed a password if you want it stored for you. That way, when you revisit that site, the browser can autofill your access credentials. It saves you the struggle of trying to keep all your passwords straight.

💡READ MORE:  How the Bad Guys Get Your Passwords

The problem is that some sites, including legitimate sites, can be compromised with a hidden form. You’ll never see it, but your browser will. So, it will autofill that form in clear, unencrypted text. This allows bad actors to capture your username and password without your knowledge.

Another risk? Irresponsible digital marketers may use hidden autofill forms to track your online activity. That’s done without your consent.

💡READ MORE:  Picking Your Home PC Browser

Using browser autofill with a password manager can also confuse, especially if your browser auto-fills, whereas the manager asks before filling in forms. Using both simultaneously, you also risk duplicating passwords, which could make it challenging to track your passwords and increase the risk of security breaches.

How to turn off autofill

You can protect your passwords by turning off autofill on any browser you use:

  • On Microsoft Edge, go to Settings, then Profiles, then Passwords, and turn off “Offer to save passwords.”
  • On Google Chrome, go to Settings, then Passwords, and turn off “Offer to save passwords.”
  • On Firefox, open Settings, then Privacy & Security, then Logins and Passwords, and “Autofill logins and passwords.”
  • On Safari, from the Preferences window, select and turn off Auto-fill.

Can I keep using password managers?

A password manager, such as LastPass (our choice) or 1Password, typically provides more security than browser autofill. Password managers have robust encryption algorithms to protect your login credentials, which means that even if your device is compromised, your passwords are safe.

💡READ MORE:  The Benefits of Password Managers

Still, you face the same risks if the manager auto-fills your credentials. Most password managers have autofill disabled by default. That’s good. Leave preemptive autofill off. You might see it called “Autofill on page load.” Keep that turned off, too.

Our advice? Use a password manager that requires you to click a box before it fills in your credentials. This action prevents your information from automatically populating a hidden form.

Securing your online activity is an ongoing challenge. Hopedale Technologies can help identify ways you can protect your privacy and data online. Contact us today at 508-478-6010.