Password Autofill: Is it safe?

Password autofill is a service that you have probably been using for years without thinking much about it. Nothing is more convenient than visiting a website and the browser automatically putting your username, password, or form data in the required fields.

By automatically filling out your details, the browser saves personal and professional users time. You do not need to remember, find or type in details for each website you have an account with. Speed is everything in a world driven by technology, so it isn’t surprising that browsers want to streamline as many actions for us as possible. However, user data may not be safe, and with more work from home professionals, the risks could be amplified, with remote working taking place on personal devices.


The Dangers of Autofill 


When it comes to password autofill, convenience can equal risk. Autofill could be compromising security, and it is easier to trick a browser into giving up this saved information.  To acquire your data, a hacker can add an invisible auto-fill form to a webpage. Autofill knows there is a form on the page and can give up your information, allowing the hacker to collect your credentials.  Research has shown that four out of five people make the common password error of using the same or similar passwords for multiple accounts. Using one password for many accounts amplifies the risk because once a cybercriminal has cracked one account, they also have access to other accounts that use the same credentials.


What are browsers doing to become more secure?


Personal and professional users will want to keep autofill passwords turned on and avoid the inconvenience of typing in and remembering usernames and passwords. Some browsers, such as Chrome, have added secondary authentication when bank card details are required. Here biometrics allow the browser to ask for a fingerprint before giving your card details to the website. There is also the option of automatic autofill and manual autofill. With automatic autofill, the browser enters details without any user interaction as soon as the web page loads. With manual autofill, the browser asks you if you want it to enter your credentials. By switching to manual autofill, the user takes back some level of control and only at the inconvenience of an extra click.


What are the alternatives?


Password managers also request authority from you before auto-filling your details. Your password manager can create strong passwords for you, which is great for you or your company’s cybersecurity. If you prefer to create passwords, you should follow these password tips to avoid creating weak passwords. To ensure you are creating secure passwords, never use the company name, season, or year. You should also avoid ending your password with a full stop or exclamation mark.


How to access autofill settings


You can access your password autofill settings by: 

  • Chrome – Open Settings, click Advanced and Manage Passwords
  • Firefox – Open Options, click Privacy, and under History, select ‘Firefox will: Use custom settings for history.’
  • Safari – Open Preferences, and click Auto-fill


Contact us..

Related Articles

How To Get ISO 27001 Certified

ISO 27001 is an internationally recognised standard for information security management systems (ISMS). It provides a systematic approach for organisations to manage and protect their

Find Out More