Diamond IT Blog

Think before saving logins to your browser

Written by Samantha Cordell | January 23, 2018

There are a number of reasons you should be wary of saving your password to a digital platform. Just look at Yahoo’s data breach in 2013, which leaked passwords for three billion people. Even when your password isn’t compromised, saving it to a browser could have serious implications for your privacy.

Why auto-fill passwords are so dangerous

In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

One simple security tip for today

Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.

  • If you use Chrome - Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
  • If you use Firefox - Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you use Safari - Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

How can Diamond help?

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24x7 cybersecurity assistance that goes far beyond protecting your privacy, call us today. To contact us simply complete the online form below or call us today on 1300 307 907.

Published with permission from TechAdvisory.org.