Auto-complete for passwords is a feature commonly used in browsers today. It is a mechanism that allows usernames and passwords to be automatically entered into a web form. Only around 20% of US internet users have unique passwords for each online account. Many people have to manage dozens of different passwords and see auto-fill as a convenient feature that cuts down on time. Others use a dedicated application to manage passwords outside of the browser. However, this is much more dangerous than many realize.
A hacker can easily trick the browser or program by placing an invisible form on a compromised web page.
MARKETERS TRACK TOO
Surprisingly, this is not only done by hackers. Digital marketers often deploy this trick to track what websites users visit. AdThink and OnAudience are both known to do this. Their goal is gathering data for marketing purposes, but IT professionals warn it would not be hard for them to steal passwords as well.
It is quite simple to disable auto-complete in a browser. Privacy settings in most browsers can be easily accessed and the auto-complete disabled within a minute. Below are instructions to accomplish this.
For Chrome users: Go to the Settings window, go to Advanced, and then disable under Manage Passwords.
For Firefox users: Go to the Options window, click the Privacy tab, then under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
For Safari users: Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.
Unfortunately, this is just one way hackers can get your information. Modern organizations with advanced technology require more managed measures against hackers.