The auto-fill feature that makes it easy to enter in usernames and passwords on various websites may be putting your information at risk.
While auto-fill is a convenient way to keep track of the many combinations of letters, numbers and special characters you need to access sites, the feature is also being used by advertisers and hackers. That’s why many security experts are suggesting turning off the auto-complete feature in your web browser.
Password manager programs embedded in browsers are a simple way to get access to a password-protected website. The password manager auto-fills your details, giving you one-click access to account information meant to be kept private.
How Hackers Get Access
If hackers get access to a compromised website, they can put an invisible form on the site and easily collect users’ login information. If your browser automatically enters this information when it sees the appropriate boxes on a web form, it adds the info everywhere those boxes are found on a page, whether they’re seen by the user or not.
Because most web users use the same username and password for multiple sites, the theft of this information on just one website can expose your information on many others.
Not Just Hackers
It may come as a surprise to learn that hackers are not the only ones trying to use your login information. Some ad networks are using tracking scripts to grab email addresses stored in your password manager for auto-filling. That tech can be used to grab passwords too, whether stored on a browser or an independent password management site.
The ad networks are using the same technique as hackers — an invisible form that captures your credentials provided by the password manager. Here’s a helpful demo page that shows you how it works.
Ad networks are using this information not to hack your data, but to understand what sites you navigate to better target ads to you. And while they claim to only be grabbing email addresses, the potential for further abuse is there.
What Computer Users Can Do
Password managers by themselves are still useful tools, especially given the number of codewords we need to go about daily web browsing. It’s the auto-fill mechanism that needs to be disabled. That’s simple to do.
On Safari (Desktop)
On Safari (iOS)
Disabling the auto-fill features means spending a little more time finding and entering usernames and passwords manually. However, these steps protect you from prying eyes looking to gain more information about you and your accounts.