Back to news

Why you should disable auto-fill in your browser: protect your privacy!

March 27, 2018    |    Cyber Security    |    Lauren Elkins

What browser are you on?

Chances are it’s Chrome, but perhaps you like to stand out a little and do things differently. According to StatCounter, 57% of users in the U.S. are on Chrome. Internet Explorer comes next at almost 13% with Firefox just behind at 11%, Safari at 10% and Edge grabbing just 7%.

Whatever your choice, that web browser through which you’re reading this post has a password manager tool. It might suggest a helpful way for you to save passwords for logging into sites faster in the future.

“Want me to remember this password for next time?”

Sure, you think, and click OK.

How helpful, Chrome. You are my friend, Firefox. Thanks for the help, Safari.

These built-in browser tools are lightweight versions of the password management tools offered by companies like LastPass and 1Password (which we like, by the way). It’s important to be smart with passwords, something we’ve mentioned in past posts. Most of us know the best way to handle our online accounts, but we don’t put that into action. According to YouGov, 22% of online users have the exact same password for most of their online logins, and 42% of users do that for some of their accounts. Combine that with the 6% that use one password for all accounts, and you have 70% of users reusing a password.

Using the browser password tool could be a good way for you to improve your password practices, but guess what? These helpful lightweight browser tools are being exploited!

Princeton’s Center for Information Technology Policy published in-depth information about how third-party scripts comb through your personal data by snagging it from these built-in password managers. Yikes!

Here's a quick summary of what's happening:

  • You visit a website that has ads on it.
  • Those ads run scripts that inject invisible login forms into the background of the webpage.
  • Those login forms scoop up anything your helpful browser autofills into the form.
  • That information is used to track you from page to page and target advertising.

Supposedly, the focus is on usernames, but “there’s no technical measure to stop scripts from collecting passwords the same way,” as Russell Brandom with The Verge points out.

And guess what else? That data is also sold through a massive consumer data broker. Unfortunately, we’re not surprised. If you want to protect your privacy, you must be your own advocate.

Better Safe Than Sorry