
Why auto-fill passwords are so dangerous
Certain web browsers have integrated features that enable usernames and passwords to be automatically entered into a web form. There are also password manager applications that have made it easy to access login credentials. But these aren’t completely safe. They can become a liability if hackers gain access to computers or browsers.
For example, if a hacker gains access to just one account, it’ll be easier for them to obtain access to other accounts because the autocomplete feature will fill in all other saved credentials.
Tricking a browser or password manager into giving up saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.
Using auto-fill to track users
For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do users know that shrewd digital marketers also use password auto-fill to track user activity.
Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to monitor the sites that users visit. AdThink and OnAudience track people based on the usernames in hidden auto-fill forms and sell the information they gather to advertisers. While the intention is not to steal passwords, there’s always the likelihood of exposure.
One simple security tip for today
A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:
- If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
- If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
- If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.
Being cautious about your password security habits can go a long way in protecting your sensitive data. For managed, 24/7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.