Mark One Consultants Blog - IT news & technology tips


Autofill in password managers; a security vulnerability?

by Oli King - Fri 17 Sep 2021

Password managers are a hot topic of discussion in the world of IT security. But what exactly is a password manager, and more importantly, is it really helping you keep your data secure?

Passwords: we all have them, and we use them daily for everything from work through to personal and social accounts and websites. Everyone knows about the importance of password security, keeping passwords private and difficult to guess (goodbye password123), but with so many, it can be hard to keep track of which password is used for which website, application or account.  
This is where a password manager can help. A password manager remembers each of your passwords and automatically attributes them to the right website, account or application, meaning you no longer have to remember which password you’ve used for the dozens of websites and applications you use. With a password manager, you can sit back and never have to worry about remembering that super secure password you set for your Amazon or Netflix account - leaving you free to plan your next holiday, or check out the latest cat video on YouTube. 

While password managers can be great - they can certainly play an important part in keeping your data safe online and offer a useful alternative in managing your passwords - according to Marek Toth, a penetration tester at Avast, they are not without their own potential security flaws. In a recent blog post on marektoth.com, Marek outlines why you should be disabling the autofill function in your password manager. 
But what is autofill? Autofill is when your password manager enters your username and password for the website, account, or application you are logging into. Before getting into the nitty-gritty, it is important to note there are two different types of autofill – manual and automatic. 
If you are prompted to do something, such as click a button, to enter your username and password, this is a manual autofill action. If your username and password are automatically added, without you having to click a button, or do anything, this is an automatic autofill action.

It is this automatic autofill action that could leave you exposed, and leave the door open for cyber criminals to make off with the login details that you’ve spent so long making secure.


But I have anti-virus installed on my machine, so how are they getting my details? You are not, in fact, being hacked, nor do you have a virus on your machine. These scamps and scallywags build malicious scripts which can read what is being entered on your screen by the automatic autofill function of the password manager and save it. From there, they can log into your various websites and accounts using your username and password. 
What do I need to do to prevent this? There are several steps you can take to keep yourself and your data as secure as possible. To try to prevent your data being read, however, the best thing you can do is disable the autofill function on your password manager and/or web browser. How to do this will depend on the password manager you are using, but if you get stuck, get in touch with Mark One and we will be happy to help you out. If you have read our previous blog on Password Managers and are using LastPass as a password manager, you can turn off automatic autofill by following the steps below:

1. Click the LastPass icon in your web browser.
2. Scroll down to and click Account Options.
3. Click Extension Preferences.
4. Under General, unselect "Automatically fill login information".

Your LastPass will continue to work as normal, but now, to log into websites, accounts or applications for which LastPass has saved your login details, you'll just have to click the LastPass icon that displays in each login form field.