Your web browser is betraying you

By Peter Lambert | February 5, 2019

It's time to turn off your web browser's password auto-fill function. It's been confirmed that web pages you visit can manipulate these features without your knowledge to track you, and potentially to have your browser surrender your passwords.

"If you allow your browser to automatically submit your username and password into forms silently and invisibly, there is always the danger that a malicious site or script may steal the information." - Graham Cluely - Online Security Analyst

You're being tracked

Advertisements and suggestions based on our internet browsing habits are one source of online tracking. Autocomplete passwords are another. This sneaky tactic comes with serious security risks. Here’s how you can stop it from targeting you.

Why auto-fill passwords are so dangerous

As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they're using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.

Certain web browsers have integrated a mechanism that enables usernames and passwords to be automatically entered into a web form. Password manager applications have likewise made it easy to access login credentials. But neither is completely safe.

Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised web page to collect users’ login information.
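Site owners and auditors can check a page for this from the defender's side. The following is an added example, not part of the original article: it flags credential-style inputs that autofill could populate but that a visitor could not see. The function names, the fakeInput helper and the sample data are constructed for illustration.

```javascript
// Added example: defensive audit helper, not code from the article.
// Flags text/e-mail/password inputs a visitor could not see on the page.
function isCredentialField(el) {
  const type = (el.type || "text").toLowerCase();
  if (!["text", "email", "password"].includes(type)) return false; // skips type=hidden etc.
  const hint = `${el.name || ""} ${el.id || ""} ${el.autocomplete || ""}`;
  return type !== "text" || /user|login|email|pass/i.test(hint);
}

function hiddenReason(el, getStyle) {
  const rect = el.getBoundingClientRect();
  if (rect.width <= 1 || rect.height <= 1) return "no visible area";
  if (rect.right <= 0 || rect.bottom <= 0) return "positioned off-screen";
  // opacity is not inherited in computed style, so check every ancestor too
  for (let node = el; node; node = node.parentElement) {
    const style = getStyle(node);
    if (style.visibility === "hidden") return "visibility:hidden";
    if (parseFloat(style.opacity) === 0) return "opacity:0";
  }
  return null;
}

function findHiddenCredentialFields(doc, getStyle) {
  const findings = [];
  for (const el of doc.querySelectorAll("input")) {
    if (!isCredentialField(el)) continue;
    const reason = hiddenReason(el, getStyle);
    if (reason) findings.push({ field: el.name || el.id || "(unnamed)", reason });
  }
  return findings;
}

// Constructed stand-ins for DOM elements so the logic runs outside a browser.
function fakeInput(type, name, rect, style = {}, parentElement = null) {
  return { type, name, style, parentElement, getBoundingClientRect: () => rect };
}
const visible = { width: 200, height: 30, right: 300, bottom: 130 };
const SAMPLE_DOC = {
  querySelectorAll: () => [
    fakeInput("email", "login_email", visible), // normal login box
    fakeInput("password", "pwd", { ...visible, right: -5000 }), // pushed off-screen
    fakeInput("text", "username", visible, {}, { style: { opacity: "0" }, parentElement: null }),
    fakeInput("text", "q", { width: 0, height: 0, right: 0, bottom: 0 }), // not credential-like
  ],
};
const sampleFindings = () => findHiddenCredentialFields(SAMPLE_DOC, (n) => n.style);
```

In a browser console the same check runs as findHiddenCredentialFields(document, (el) => getComputedStyle(el)). Legitimate pages sometimes keep a login form hidden until a menu opens, so treat findings as leads to review.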

Using auto-fill to track users

For over a decade, there's been a password security tug-of-war between hackers and cybersecurity professionals. What many people don't know is that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They've made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

It's simple - turn it off

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here's how to do it:

If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.

If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”

If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

If you’re using Edge – Open the settings menu, click View Advanced Settings (at the bottom of the list), and turn off Save Passwords under Autofill settings.

Can't remember all of your passwords?

There are several good password managers on the market, and most of them have a functional free product. Some have an autofill feature, but for the same reasons that feature is not recommended to be used at all. 1Password refuses to add the feature into their product. Other popular options include LastPass, Dashlane and KeyPass.

These products won't automatically log you in the way autofill does; instead, they require you to confirm each use of the username and password you've entrusted to them. This means your passwords will only be used in forms you interact with, rather than nefarious forms hidden from you.

We can help

Our Business Technology Managers (BTMs) are available to coordinate your cybersecurity to a better place. If you need assistance in eliminating autofill from your workplace, give us a call on 1300 307 907 or contact us via the form below.

 


Published with permission from TechAdvisory.org.


About the Author
Peter Lambert

Presales Consultant, Carrier Solutions Specialist & Security Blogger @ Diamond IT - I have over 25 years of experience in Information & Communications. My range of skills is diverse and includes extensive experience in desktop solutions, server and network presales and administration, VOIP phone systems, journalism, creative writing, technical writing, digital videography and audio visual streaming. I hold a Certificate IV in Training and Assessment, and I am an experienced classroom trainer and course coordinator. I hold an Advanced Diploma in Network Security, a Diploma in Network Administration, and a Certificate IV in Networking. I am a Cisco Certified Network Associate (CCNA) and Microsoft Certified Solutions Associate (MCSA).