The Risks Of Using Auto-Complete For Passwords

The auto-fill feature that makes it easy to enter in
usernames and passwords on various websites may be putting your information at
risk.

While auto-fill is a convenient way to keep track
of the many combinations of letters, numbers and special characters you need to
access sites, the feature is also being used by advertisers and hackers. That’s
why many security experts are suggesting turning off the auto-complete feature
in your web browser.

Password manager programs embedded in browsers are a
simple way to get access to a password-protected website. The password manager
auto-fills your details, giving you one-click access to account information
meant to be kept private.

How Hackers Get Access

If hackers get access to a compromised website, they can
put an invisible form on the site and easily collect users’ login information.
If your browser automatically enters this information when it sees the
appropriate boxes on a web form, it adds the info everywhere those boxes are
found on a page, whether they’re seen by the user or not.

Because most web users use the same username and
password for multiple sites, the theft of this information on just one website
can expose your information on many others.

Not Just Hackers

It may come as a surprise to learn that hackers are not
the only ones trying to use your login information. Some ad networks are using
tracking scripts to grab email addresses stored in your password manager for
auto-filling. That tech can be used to grab passwords too, whether stored on a
browser or an independent password management site.

The ad networks are using the same technique as hackers
— an invisible form that captures your credentials provided by the password
manager. Here’s a helpful demo page that shows you how it works.

Ad networks are using this information not to hack your
data, but to understand what sites you navigate to better target ads to you.
And while they claim to only be grabbing email addresses, the
potential for further abuse is there.

What Computer Users Can Do Password managers by themselves are still useful tools, especially given the number of codewords we need to go about daily web browsing. It’s the auto-fill mechanism that needs to be disabled. That’s simple to do.

The auto-fill feature that makes it easy to enter in
usernames and passwords on various websites may be putting your information at
risk.

While auto-fill is a convenient way to keep track
of the many combinations of letters, numbers and special characters you need to
access sites, the feature is also being used by advertisers and hackers. That’s
why many security experts are suggesting turning off the auto-complete feature
in your web browser.

Password manager programs embedded in browsers are a
simple way to get access to a password-protected website. The password manager
auto-fills your details, giving you one-click access to account information
meant to be kept private.

How Hackers Get Access

If hackers get access to a compromised website, they can
put an invisible form on the site and easily collect users’ login information.
If your browser automatically enters this information when it sees the
appropriate boxes on a web form, it adds the info everywhere those boxes are
found on a page, whether they’re seen by the user or not.

Because most web users use the same username and
password for multiple sites, the theft of this information on just one website
can expose your information on many others.

Not Just Hackers

It may come as a surprise to learn that hackers are not
the only ones trying to use your login information. Some ad networks are using
tracking scripts to grab email addresses stored in your password manager for
auto-filling. That tech can be used to grab passwords too, whether stored on a
browser or an independent password management site.

The ad networks are using the same technique as hackers
— an invisible form that captures your credentials provided by the password
manager. Here’s a helpful demo page that shows you how it works.

Ad networks are using this information not to hack your
data, but to understand what sites you navigate to better target ads to you.
And while they claim to only be grabbing email addresses, the
potential for further abuse is there.

What Computer Users Can Do

Password managers by themselves are still useful tools, especially given
the number of codewords we need to go about daily web browsing. It’s the
auto-fill mechanism that needs to be disabled. That’s simple to do.