Each website you visit should have its own, unique password. The average person has at least 10 online accounts—that means you could have 10 or more different login credentials! With all the passwords we must remember, any shortcut or way to simplify the log in process is welcomed.
Your internet browser provides the option to store and autofill your passwords. While an autofill feature integrated with your browser might seem like something you should use, don’t. While it is safer than writing your passwords down, the autofill feature isn’t that secure.
Auto-fill Passwords Are Dangerous
Web browsers have a feature that allows you to automatically store usernames, passwords, and other information you’ve entered in a form. If it automatically enters your information and removes the burden of remembering another set of credentials, then why not use it? While it might seem convenient, autofill passwords have some unforeseen repercussions.
Hackers have discovered ways to exploit the autofill feature. By placing an invisible form on a compromised website, the hacker can trick your browser into entering your information. You read that right; hackers use invisible forms, or hidden boxes to create a new, effective phishing-style attack.
These hidden text boxes are placed on websites and capture your data without your knowledge. As you start filling out your name, the hacker’s hidden boxes are grabbing other autofill data, such as email addresses, credit cards, or any other information that has automatically been stored.
Suddenly, everything stored in your browser’s autofill feature is compromised, and you can’t even see it happening!
What Should You Do?
Disabling the autofill feature is a simple and effective way to improve your account security. Products like LastPass or MyGlue are great alternatives to the autofill feature. These applications store your passwords in one place and remove the guesswork during the login process. Think of LastPass or MyGlue as being the digital equivalent of writing your passwords on sticky notes.
If you have any questions about your cybersecurity, give us a call or contact your account manager!