top of page

The Risks Of Using Auto-Complete For Passwords



The auto-fill feature that makes it easy to enter in usernames and passwords on various websites may be putting your information at risk.


While auto-fill is a convenient way to keep track of the many combinations of letters, numbers and special characters you need to access sites, the feature is also being used by advertisers and hackers. That’s why many security experts are suggesting turning off the auto-complete feature in your web browser.


Password manager programs embedded in browsers are a simple way to get access to a password-protected website. The password manager auto-fills your details, giving you one-click access to account information meant to be kept private.


How Hackers Get Access

If hackers get access to a compromised website, they can put an invisible form on the site and easily collect users’ login information. If your browser automatically enters this information when it sees the appropriate boxes on a web form, it adds the info everywhere those boxes are found on a page, whether they’re seen by the user or not.


Because most web users use the same username and password for multiple sites, the theft of this information on just one website can expose your information on many others.


Not Just Hackers

It may come as a surprise to learn that hackers are not the only ones trying to use your login information. Some ad networks are using tracking scripts to grab email addresses stored in your password manager for auto-filling. That tech can be used to grab passwords too, whether stored on a browser or an independent password management site.


The ad networks are using the same technique as hackers — an invisible form that captures your credentials provided by the password manager. Here’s a helpful demo page that shows you how it works.


Ad networks are using this information not to hack your data, but to understand what sites you navigate to better target ads to you. And while they claim to only be grabbing email addresses, the potential for further abuse is there.


What Computer Users Can Do


Password managers by themselves are still useful tools, especially given the number of codewords we need to go about daily web browsing. It’s the auto-fill mechanism that needs to be disabled. That’s simple to do.

  • On Chrome

  • Go to Settings

  • Search for Passwords and click on the Passwords arrow

  • Toggle the Auto Sign-In tab to the left (it should be grayed out not blue)

  • For more protection, you can stop Chrome from saving any passwords by toggling the Offer to save passwords to the left

On Firefox

  • Open Options

  • Click on Privacy & Security in the left-hand navigation

  • Click on HistorySelect Firefox will: Use custom settings for history

  • A new submenu will appearUnclick on Remember search and form history

  • To fully disable saving any passwords, go to the Logins & Passwords section (just above History) and unclick Ask to save logins and passwords for websites

On Safari (Desktop)

  • Open the Preferences window

  • Click on the Auto-fill tab

  • Turn off all features related to usernames and passwords

On Safari (iOS)

  • Go to Settings

  • Scroll down to Passwords & Accounts and click on it

  • Toggle the AutoFill Passwords tab to the left

Disabling the auto-fill features means spending a little more time finding and entering usernames and passwords manually. However, these steps protect you from prying eyes looking to gain more information about you and your accounts.

bottom of page