For your security, disable auto-fill

Categories: Security

Feb 8, 2018 // By: admin

Most browsers include a password manager that saves credentials so that login forms are easier to fill out. Users who want more features turn to a third-party password manager such as 1Password or LastPass. A recent study shows how ad-targeting companies exploit automatic filling to siphon off user credentials.


How is this password manager weakness exploited?

It must first be understood that the sites on which this practice was identified are not themselves directly responsible for the unlawful collection of login data for unique identification purposes. The researchers explain that two advertising scripts are involved, AdThink and OnAudience, which inject invisible forms that the browser’s password manager fills in automatically if this feature is enabled.

Email addresses are then hashed with various functions (MD5, SHA1, SHA256) to generate a unique mathematical fingerprint that is used to track the user across the different sites that use the scripts in question. This lets advertisers refine their profiling without necessarily relying on cookies and other forms of tracking. It works because users most often use the same email address for multiple services.

Of the one million most visited sites in the world, researchers have identified 1110 that are partners of the two advertising companies mentioned above. The list, which includes several French-language sites, is provided at this address.

The scripts analyzed only collect usernames and email addresses. But nothing prevents similar scripts from siphoning off passwords, as has happened in the past.
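
Because the fingerprint is a plain hash of the address, you can check a page yourself by logging in with a throwaway address and searching the requests it makes for that address or its MD5, SHA1 or SHA256 digest. The sketch below is an added example, not code from the study or from the scripts it analyzed; the host names, parameter names and sample requests are constructed, and the lowercasing step is an assumption about how a script might normalize the address.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

ALGORITHMS = ("md5", "sha1", "sha256")  # the functions named in the article


def email_fingerprints(email):
    """Return {hex digest: algorithm} for the address as typed and lowercased."""
    # Assumption: a script may trim and lowercase the address before hashing.
    variants = {email, email.strip().lower()}
    return {
        hashlib.new(alg, v.encode("utf-8")).hexdigest(): alg
        for v in variants
        for alg in ALGORITHMS
    }


def find_leaks(email, request_urls):
    """List (host, parameter, encoding) for requests carrying the address."""
    known = email_fingerprints(email)
    known[email.strip().lower()] = "plaintext"
    leaks = []
    for url in request_urls:
        parts = urlsplit(url)
        # Only query-string parameters are inspected in this sketch.
        for name, value in parse_qsl(parts.query):
            encoding = known.get(value.strip().lower())
            if encoding:
                leaks.append((parts.hostname, name, encoding))
    return leaks


# Constructed sample: a throwaway address and the requests one page load made.
TEST_EMAIL = "alice@example.com"
SAMPLE_REQUESTS = [
    "https://shop.example/login?next=/cart",
    "https://tracker-a.example/sync?page=home&uid="
    + hashlib.md5(TEST_EMAIL.encode()).hexdigest(),
    "https://tracker-b.example/p?h="
    + hashlib.sha256(TEST_EMAIL.encode()).hexdigest(),
    "https://cdn.example/lib.js?v=3",
]

if __name__ == "__main__":
    for host, param, encoding in find_leaks(TEST_EMAIL, SAMPLE_REQUESTS):
        print(f"{host}: parameter {param!r} carries the address as {encoding}")
```

The same digest showing up in requests from two unrelated sites is exactly the cross-site identifier described above.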

How to protect yourself?

Unfortunately, most browser-based password managers do not allow you to disable autofill. This is the case for Google Chrome and Microsoft Edge. If you use Firefox, however, there is an option to disable the automatic filling of credentials, but it is hidden in the about:config settings.

To disable the feature in Firefox:

  • Enter about:config in the address bar
  • Click on “I take the risk”
  • Find the parameter signon.autofillForms by entering it in the search bar
  • Double-click on the line to change the value from “true” to “false”
  • Restart the browser

If you use Chrome and want to avoid falling victim to this flaw, it is better to use a third-party password manager such as 1Password, LastPass or KeePass. AgileBits, the company that publishes 1Password, pointed out that its utility does not include an automatic filling feature. It always requires user action.

With other solutions such as LastPass, you can achieve the same result by disabling auto-fill. Depending on the tool you use, follow the procedure provided by its publisher.

The report of this study is available here.
