What is a Password Manager? Malwarebytes defines a password manager as a “software application designed to store and manage online credentials and it also generates passwords” ( ). The passwords are typically stored in an encrypted database and protected behind a master password. malwarebytes The purpose of a password manager is to keep all of your login credentials all in one place so you don’t have to scramble to remember what your password for a specific website is. It makes it easy for you to keep all of your account usernames and passwords in one spot and locked via a master password, which is the only password you need to remember. Once you enter your master password into the password manager, it unlocks the password vault and can retrieve any password that you need. You can also autofill your login credentials in browsers with the password managers. Although the autofill feature is beneficial, the rest of this article will discuss why you should disable autofill on your browsers and the security concerns that come with it. Password Manager Examples Here are a few password manager examples: LastPass Bitwarden KeePass Dashlane 1Password What is Autofilling? Autofilling is when your password manager fills in the username and password into a website’s login page with your saved credentials. Benefits of Using Autofill in Your Password Manager By using a password manager, you have the ability to autofill your login credentials on any website as long as you have the autofill for your password manager enabled. This makes it so that you don’t have to memorize your passwords anymore for a certain website. You can even use the password manager to auto-generate a highly secure password for you for a website or application if you don’t want to come up with one on your own. Although there are many benefits of using autofill with your password manager, security experts are encouraging people to disable autofill in your password manager because there are autofill features that can be exploited by hackers. Should you Disable Autofill? The answer is YES, you should disable autofill and I will tell you why. The biggest concern with autofill is privacy and how a hacker can easily obtain personal information. It is simple to trick a browser or password manager into giving up saved login credentials. The hacker just needs to “place an invisible form on a compromised webpage to collect users’ login information” ( ). Back in 2017, Finnish web developer, Viljami Kuosmanen, published a demo on that shows how an attacker takes advantage of the autofill feature that is provided by most browsers. Kuosmanen “discovered a vulnerability that can expose your stored data to a malicious person via phishing” ( ). In this attack, once a user visits the phishing website, they will be presented with “a series of text boxes where it asks for some basic information” ( ). If you use autofill to enter in the information, then the hidden text boxes are actually collecting your information without your knowledge. Once successful, the hacker now has access to your login credentials, credit card information, and any other sensitive data. techadvisory GitHub Social Engineer PCMag Hackers are not the only one trying to use your login credentials, some “ad networks are using tracking scripts to grab email addresses stored in your password manager for autofilling”. The purpose of doing this is to not hack your personal information but to get a better understanding of the websites you visit so they can target more appropriate ads towards you. Prevention Against Autofill Attack The best way for you to prevent any attack is to disable autofill in any browser you use. It's better to copy and paste the password from your password manager than to autofill it. If an organization allows the usage of password managers, then it is important to educate all employees to not click on any suspicious links or emails received. Phishing emails are hackers' favorite way to deceive users into getting the information that they want. How to Disable the Autofill Feature on Chrome, Firefox, and Safari It is important to note that the autofill feature is enabled by default and this is how you can disable autofill in each of the listed browsers. Chrome Click on the three dots on the upper right hand corner of the browser Go to Settings Expand the Autofill section and then select on what you wish to disable autofill (you can toggle the OFF setting if it has been enabled) Firefox Click on the three lines at the top right of the screen Click on Settings Select on the left side of the screen Privacy & Security Scroll down until you see then uncheck (if it is checked marked) Logins and Passwords Autofill Login and Passwords Safari Click on the menu → → tab → Unselect and any other options listed that you do not want to have autofilled Safari Preferences Autofill Username and Passwords Hopefully by now you have a better understanding of password managers and how you can disable autofill in your browser. If you didn’t know much about password managers then I hope this article helped explain that. Autofill with password managers does have its advantages however the privacy security concern should raise some red flags. Hackers will always do their best to obtain personal information without the person’s knowledge. Therefore, it is very important to make sure what can happen if you continue to use autofill in your browser. Companies should be doing their best to prevent attacks from occurring as a loss of credentials may cause serious if not permanent damage to the organization.

Target

How to Hack Facebook Accounts: 5 Common Vulnerabilities in 2023

How to Tell if Your Twitter Has Been Hacked

2021 - Top Security Expert

Nominated for 2022 - HackerNoon Contributor of the Year - Instagram

Nominated for 2022 - HackerNoon Contributor of the Year - Social Media

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Security Awareness

Nominated for 2022 - HackerNoon Contributor of the Year - Facebook

Too Long; Didn't Read

Should You Disable Autofill? - Here's How to Protect Your Passwords

Should You Disable Autofill? - Here's How to Protect Your Passwords

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

3 Types of Phishing Attacks and How to Prevent Them

10 Pieces of Sci-Fi Armor We All Wish Were Real

10 Movie Tie-In Games That Were Actually Good

10 Most Anticipated Sci-fi Games of 2022 You Can’t Miss

10 Female Video Game Characters You Need to Know

10 Cutest Pink Pokémon of All Time

3 Types of Phishing Attacks and How to Prevent Them

10 Pieces of Sci-Fi Armor We All Wish Were Real

10 Movie Tie-In Games That Were Actually Good

10 Most Anticipated Sci-fi Games of 2022 You Can’t Miss

10 Female Video Game Characters You Need to Know

10 Cutest Pink Pokémon of All Time

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps