Autofill Passwords – Is It Secure?

Posted on by

Passwords

“What was that password again? Damnit, I don’t remember!” We have all forgotten passwords. When the auto password fill on our Web browsers was added it felt like a miracle, but this convenience may not be entirely safe.

Most browsers will ask after you have entered a new password if you want it saved for you. If you do save it, the next time you revisit that site, the browser can autofill the access username and password details automatically for you, saving you the struggle of trying to remember all your passwords.

The problem with doing this is that some sites, including legitimate sites, can be compromised with a hidden form. You will never see it, but your browser will and it will autofill that form, and in clear, unencrypted text. This allows bad actors to capture your username and password without your knowledge.

These lists of passwords can also be easily read if someone has access to your device.

How to disable autofill

Here are the ways to disable autofill on most popular browsers:

  • On Microsoft Edge, go to Settings, then Profiles, then Passwords, and disable “Offer to save passwords.”
  • On Google Chrome, go to Settings, then Passwords, and disable “Offer to save passwords.”
  • On Safari, from the Preferences window, select and turn off Auto-fill.
  • On Firefox, open Settings, then Privacy & Security, then Logins and Passwords, and “Autofill logins and passwords.”

What about password managers?

Password managers, such as Keeper, LastPass or 1Password, generally provide more security than the standard browser autofill. Password managers also have strong encryption algorithms to protect your login credentials, which means that even if your device is compromised, your passwords are safe.

But, if the manager auto fills your credentials, you face the same risks. Most password managers have autofill disabled by default and you should leave this turned off to prevent the loss of passwords.

We recommend using a password manager that requires you to click a box before it enters your credentials. This action avoids your information from automatically populating a hidden form.

Securing your online activity is an ongoing challenge. Our Australian IT experts can help identify ways you can improve your cybersecurity, contact us today for a no obligation meeting.