• Your IP: (VA, United States)
  • Your ISP: Amazon.com
  • Your Status: Unprotected
  • Get Protected

December 20, 2021

Privacy Tip of the Week: Turn Off Autofill

Posted by

Autofill technology is ubiquitous online; chances are, you’ve used it many times in the past. It allows a website to pre-fill a response field on behalf of the user. Like with most modern technology, autofill has evolved to make our lives more convenient. Gone are the days of having to remember your password for every website; autofill technology can simply fill your password in for you. Likewise, many ecommerce websites are able to automatically fill out details like your shipping address, saving you precious time in the checkout process.

Unfortunately, many online conveniences come at the expense of your digital privacy and safety. Autofill is no different. In order for it to work, your data is saved online and can possibly be accessed by people who aren’t you. There are several ways using autofill can put you at risk. Here’s what you should know:

  • What is autofill?
  • How do we use it?
  • Why is it dangerous?
  • Are there alternatives?

What is Autofill?

Autofill is a function that some types of software are able to fulfill on behalf of a user, often without the user specifically prompting it. More specifically, it automatically inputs saved data into online forms or spreadsheets. These forms may include things like credential fields, address fields, or even billing information fields. In other words, autofill may automatically plug your password, address, or credit card information into a website for you to navigate that site more easily.

Its main purpose is to make browsing websites easier. Checkout processes become faster when we don’t have to input our address every time. Logging into websites is more convenient when we don’t have to remember our password for it every time.

How Do We Use It?

Autofill is specifically designed to require as little user interaction as possible. It wouldn’t be helpful if it required just as much effort as filling out online forms manually. Therefore, the actual work done by the end user is minimal.

In many cases, autofill is a feature built into a web browser. It may be turned on by default, or prompt a user to turn it on. When on, the browser automatically collects a user’s information when they input it into a form for the first time. For example, if you sign up for an account on TikTok in the Chrome browser, Chrome will ask if you’d like to save the username and password. If you allow it to save the data, it can autofill it every time you visit TikTok.

There are also extensions and apps users can install to autofill login extensions. A password management app like LastPass is able to save your passwords and autofill them on the correct websites.

In addition to inputting login information, autofill is also often used to fill out response forms which require your personal information. For example, most ecommerce websites require your address, email, and phone number when purchasing a product. Instead of typing these things manually, the website may offer autofill, which allows the data saved in your browser to be inputted into the correct response fields. Shipping details aren’t the only things that may be filled in this way; a website may even be able to autofill your credit card information.

Why is Autofill Dangerous?

In general, it’s always a bad idea to allow your personal information to be saved online. If the websites and browsers that save it don’t protect it properly, it could fall into the wrong hands. Cyberattacks are an increasingly serious threat, with the rate of attacks more than doubling in the first half of 2021 alone when compared to all of 2020. Of course, if you want to use the internet, you have to leave data behind somewhere. But by allowing autofill software to store your data, you’re creating an extra and unnecessary breach opportunity.

Here’s how a cybercriminal may be able to use the data saved on autofill databases:

  • Hidden forms
  • Password access
  • Data breaches
  • Invisible sharing

Hidden Forms

One way attackers are able to steal information online is by creating websites or forms on websites that serve no purpose other than to steal your information. If you accidentally use those forms, autofill will add your details immediately and those attackers will then have access to your data, even if you close the browser without clicking submit.

Password Access

If your phone or laptop is stolen, or your browser has been compromised, your login credentials may be at risk. For example, if you have your bank account login saved on your phone, anyone who steals or accesses your phone can easily login to your account with no effort at all.

Data Breaches

Data breaches are another reason you should never use autofill. Enabling autofill increases the likelihood that attackers can steal your information in the event of a data breach. If browsers don’t store your login credentials in the first place, there’s nothing to steal down the road.

Invisible Sharing

In 2017, a Finnish developer named Viljami Kuosmanen showed that several browsers may fall victim to a clever phishing attack in which they invisibly share your autofill information with a website, even if that website doesn’t need all of your information. For example, if you want to sign up for a new website, that site might only ask for your name and email address. However, secret input fields trick autofill into giving away more information than you can see. This doesn’t happen on every website, but it is worth keeping in mind.

Are There Alternatives?

Autofill may be convenient but it’s also risky. It creates yet another opportunity for data theft or misuse. Unfortunately, it’s also the industry standard for inputting user information into a website quickly. At the moment, a few alternatives are being researched, including using biometric information to verify you are the user whose information is being accessed, and two-factor authentication keys that may be able to autofill information from an offline source.

However, these types of technology are largely in the development stage and are not yet widely implemented. Until they are, the safest way to protect yourself from the risks of autofill is to avoid autofill altogether.

To stay safe, turn autofill off and take the extra 30 seconds to fill in your own information.

Protect your privacy even further by browsing the internet with HotBot VPN.

Posted by

More Blog Posts

Digital footprint header

January 24, 2022

9 Steps to Reduce Your Digital Footprint

Using the internet is like walking through a patch of mud. No matter where you go, you leave behind a footprint that others can see. While this can help you stay connected with a larger world, it also puts your personal information on display, which reduces your security and privacy online. When some people learn […] Read more
Erase Your Search History

January 10, 2022

Privacy Tip of the Week: Erase Your Browsing History

Browsing history is a collection of data about the activity you conduct while surfing the web. It includes things like the websites you visit, and the files you download. For the most part, the history collected makes web surfing more convenient for the user. You can take a look back at the pages you’ve visited […] Read more
The Pros and Cons of Using a Private Search Engine

January 2, 2022

The Pros and Cons of Using a Private Search Engine

Private search engines are a safer alternative to traditional search engines like Google and Bing. Their main goal is, well, exactly what it seems: to protect the privacy of their users. However, many people are hesitant to make the switch to a new search provider because they worry that they will lose the convenience and […] Read more

Grab the limited deal now!

Our best price ever! Get HotBot VPN for 70% off today. Our app can be used on up to 6 devices at a time, doesn't limit speeds, and increases security and freedom when using the internet.

1 Year Plan

{{ trialPrice(0) }}

Save 30%

{{ plans[0].oldPrice }} {{ plans[0].formatPrice }}

Billed every year.

6 Month Plan

{{ trialPrice(1) }}

Save 20%

{{ plans[1].oldPrice }} {{ plans[1].formatPrice }}

Billed every six months.

1 Month Plan

{{ trialPrice(2) }}

{{ plans[2].monthPrice }}

Billed every month.

Get the HotBot VPN Mobile App.

Download our apps for iOS and Android