For example, if you use LastPass (which is not currently affected by these scripts, but theoretically could be), the autofill feature fills login fields with your credentials so you can just click “Login”. However, you can still mitigate some of your risk from these scripts by disabling autofill in your password manager. if you use the same password for that website as you do for your email account, that person could then access your email account and use it to gain access to your other accounts. That’s not ideal, but it’s not the worst thing that could happen. ![]() If an advertiser did capture your password on a website, the worst someone with that data could do is sign into that website. Advertisers are currently just using this technique to capture usernames and email addresses, but there’s nothing stopping them from capturing passwords as well, if one was in a particularly nefarious mood someday. It’s not just a theoretical attack-it’s actually being used by advertisers on 1110 of the top one million websites today, according to Freedom to Tinker. This problem demonstrates the importance of using unique passwords on every website. RELATED: Why You Should Use a Password Manager, and How to Get Started ![]() ![]() ![]() You Need Unique Passwords Everywhere, So Password Managers Are Still Essential This demonstration site doesn’t currently show any problem if you use LastPass, but anything that automatically fills usernames and passwords with no user intervention-LastPass included-is theoretically vulnerable.
0 Comments
Leave a Reply. |