Privacy Tip of the Week: Turn Off Autofill

Autofill technology is ubiquitous online; chances are, you’ve used it many times in the past. It allows a website to pre-fill a response field on behalf of the user. Like with most modern technology, autofill has evolved to make our lives more convenient. Gone are the days of having to remember your password for every website; autofill technology can simply fill your password in for you. Likewise, many ecommerce websites are able to automatically fill out details like your shipping address, saving you precious time in the checkout process.

Unfortunately, many online conveniences come at the expense of your digital privacy and safety. Autofill is no different. In order for it to work, your data is saved online and can possibly be accessed by people who aren’t you. There are several ways using autofill can put you at risk. Here’s what you should know:

• What is autofill?
• How do we use it?
• Why is it dangerous?
• Are there alternatives?

What is Autofill?

Autofill is a function that some types of software are able to fulfill on behalf of a user, often without the user specifically prompting it. More specifically, it automatically inputs saved data into online forms or spreadsheets. These forms may include things like credential fields, address fields, or even billing information fields. In other words, autofill may automatically plug your password, address, or credit card information into a website for you to navigate that site more easily.

Its main purpose is to make browsing websites easier. Checkout processes become faster when we don’t have to input our address every time. Logging into websites is more convenient when we don’t have to remember our password for it every time.

How Do We Use It?

Autofill is specifically designed to require as little user interaction as possible. It wouldn’t be helpful if it required just as much effort as filling out online forms manually. Therefore, the actual work done by the end user is minimal.

In many cases, autofill is a feature built into a web browser. It may be turned on by default, or prompt a user to turn it on. When on, the browser automatically collects a user’s information when they input it into a form for the first time. For example, if you sign up for an account on TikTok in the Chrome browser, Chrome will ask if you’d like to save the username and password. If you allow it to save the data, it can autofill it every time you visit TikTok.

There are also extensions and apps users can install to autofill login extensions. A password management app like LastPass is able to save your passwords and autofill them on the correct websites.

In addition to inputting login information, autofill is also often used to fill out response forms which require your personal information. For example, most ecommerce websites require your address, email, and phone number when purchasing a product. Instead of typing these things manually, the website may offer autofill, which allows the data saved in your browser to be inputted into the correct response fields. Shipping details aren’t the only things that may be filled in this way; a website may even be able to autofill your credit card information.

Why is Autofill Dangerous?

In general, it’s always a bad idea to allow your personal information to be saved online. If the websites and browsers that save it don’t protect it properly, it could fall into the wrong hands. Cyberattacks are an increasingly serious threat, with the rate of attacks more than doubling in the first half of 2021 alone when compared to all of 2020. Of course, if you want to use the internet, you have to leave data behind somewhere. But by allowing autofill software to store your data, you’re creating an extra and unnecessary breach opportunity.

Here’s how a cybercriminal may be able to use the data saved on autofill databases:

• Hidden forms
• Password access
• Data breaches
• Invisible sharing

Hidden Forms

One way attackers are able to steal information online is by creating websites or forms on websites that serve no purpose other than to steal your information. If you accidentally use those forms, autofill will add your details immediately and those attackers will then have access to your data, even if you close the browser without clicking submit.

Password Access

If your phone or laptop is stolen, or your browser has been compromised, your login credentials may be at risk. For example, if you have your bank account login saved on your phone, anyone who steals or accesses your phone can easily login to your account with no effort at all.

Data Breaches

Data breaches are another reason you should never use autofill. Enabling autofill increases the likelihood that attackers can steal your information in the event of a data breach. If browsers don’t store your login credentials in the first place, there’s nothing to steal down the road.

Invisible Sharing

In 2017, a Finnish developer named Viljami Kuosmanen showed that several browsers may fall victim to a clever phishing attack in which they invisibly share your autofill information with a website, even if that website doesn’t need all of your information. For example, if you want to sign up for a new website, that site might only ask for your name and email address. However, secret input fields trick autofill into giving away more information than you can see. This doesn’t happen on every website, but it is worth keeping in mind.

Are There Alternatives?

Autofill may be convenient but it’s also risky. It creates yet another opportunity for data theft or misuse. Unfortunately, it’s also the industry standard for inputting user information into a website quickly. At the moment, a few alternatives are being researched, including using biometric information to verify you are the user whose information is being accessed, and two-factor authentication keys that may be able to autofill information from an offline source.

However, these types of technology are largely in the development stage and are not yet widely implemented. Until they are, the safest way to protect yourself from the risks of autofill is to avoid autofill altogether.

To stay safe, turn autofill off and take the extra 30 seconds to fill in your own information.

Protect your privacy even further by browsing the internet with HotBot VPN.