Many people use auto-fill passwords for their convenience. What you might not know is that hackers and advertisers can use them to get access to websites and other applications and gather sensitive information. Learn more about the risks of using autocomplete passwords. Why auto-fill passwords are so dangerous Certain web browsers have integrated features that Learn More “Why autocomplete passwords are risky”
Advertisements and suggestions based on our internet browsing habits are sources of online tracking. However, autocomplete passwords are also another source of online tracking. This sneaky tactic comes with serious security risks. Here’s how you can stop it from targeting you. Why auto-fill passwords are so dangerous As of December 2018, there are 4.1 billion Learn More “Are autocomplete passwords safe?”
It’s been three weeks since one of the worst IT security vulnerabilities in history was announced, and consumers are still receiving mixed messages about how to protect themselves. We usually encourage users to install software updates as often as possible, but when it comes to Meltdown and Spectre, that advice comes with an asterisk.
Unsecured data storage
Spectre and Meltdown are the names given to two hardware flaws that allow hackers to see any piece of information stored on your computer. Although slightly different in execution, both take advantage of a hardware feature that computer chips use to access and store private information. For the last 20 years, security experts believed this information could not be stolen or spied on by malicious software, but that assumption was proven false on January 3, 2018.
Now that the Spectre and Meltdown vulnerabilities are public information, hackers can use them to create programs that steal passwords, social security numbers, credit card numbers, and anything else you type into your computer.
Because these problems are hardware-based, none of the updates will be able to secure the vulnerable storage; they’ll simply prevent your computer from storing anything in it. Currently, there are patches for:
- Operating systems (Windows, macOS, and Linux)
- Web browsers (Chrome, Firefox, Safari, Edge, and IE)
- Chip firmware (low-level programs installed on the processor itself)
If you’re using an Apple computer, these updates are relatively easy to install. If you’re using a Windows or Linux-based computer, these patches may cause your machine to freeze, reboot unexpectedly, or significantly slow down.
Why should I wait to install the updates?
Intel, one of the chipmakers responsible for the Spectre and Meltdown flaws, has provided contradictory recommendations on more than one occasion. As recently as January 18, Intel recommended waiting for an updated patch, but in the same announcement also recommended “consumers to keep systems up-to-date.”
Experts believe detecting an attack that is based on one of these flaws will be relatively easy and represent an alternative to installing updates that could render your computer unusable.
What should I do?
IT support experts will be able to quickly and easily assess what is the best option for your computers. For example, our team can determine whether or not your hardware will conflict with the current patches, and either install them or set up a detection strategy that will help you mitigate the risks without ruining your computer.
If you need expert IT support for quick responses and ironclad security — give us a call today.
There are a number of reasons you should be wary of saving your password to a digital platform. Just look at Yahoo’s data breach in 2013, which leaked passwords for three billion people. Even when your password isn’t compromised, saving it to a browser could have serious implications for your privacy.
Why auto-fill passwords are so dangerous
In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.
Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.
The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.
Using auto-fill to track users
Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.
Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.
One simple security tip for today
Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.
- If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
- If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
- If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.
This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.