For example, if you use LastPass (which is not currently affected by these scripts, but theoretically could be), the autofill feature fills login fields with your credentials so you can just click “Login”. However, you can still mitigate some of your risk from these scripts by disabling autofill in your password manager. The best way to do that is with a password manager-don’t throw the baby out with the bathwater. With all the different accounts the average person has online, and the frequency of attacks against these websites, it’s imperative that you use a unique password for every site you visit. This is why we still recommend using a password manager, no matter what. if you use the same password for that website as you do for your email account, that person could then access your email account and use it to gain access to your other accounts. That’s not ideal, but it’s not the worst thing that could happen. If an advertiser did capture your password on a website, the worst someone with that data could do is sign into that website. Advertisers are currently just using this technique to capture usernames and email addresses, but there’s nothing stopping them from capturing passwords as well, if one was in a particularly nefarious mood someday. It’s not just a theoretical attack-it’s actually being used by advertisers on 1110 of the top one million websites today, according to Freedom to Tinker. This problem demonstrates the importance of using unique passwords on every website.
Sticky password autofill engine chrome how to#
RELATED: Why You Should Use a Password Manager, and How to Get Started You Need Unique Passwords Everywhere, So Password Managers Are Still Essential This demonstration site doesn’t currently show any problem if you use LastPass, but anything that automatically fills usernames and passwords with no user intervention-LastPass included-is theoretically vulnerable. Continue, and it will be autofilled in the background, with the script capturing the email address and password. Fill in a fake email address and password, and you’ll be prompted to save it in your browser’s password manager. You can see this problem for yourself by visiting this demonstration page. They run in the background, create fake login and password boxes you can’t even see, and captures the credentials your password manager fills into them. But some third-party advertising scripts-the ones that nearly every website out there uses-are starting to use these to track you.
0 kommentar(er)
