this post was submitted on 21 Feb 2024
75 points (96.3% liked)
Bitwarden
Discuss the password manager Bitwarden.
Some phishing websites can call on auto-fill to grab your passwords while presenting themselves as real websites.
This means a phishing link in an email that is supposed to take you to your Gmail login page (as an example) may actually be a fake page that just captured your password. And because the link was sent to your email, the attacker already has your email. The worst part is you may not have noticed your password was just "taken".
I don't think so. If someone sends you a link to a misspelled PayPal website, the password safe will NOT autofill the password.
Correct, as auto-fill is based on the exact URL address. Though if a phishing site somehow managed to spoof that address, your auto-fill may give away some sensitive info before you catch it. Though this makes no difference if you enter it manually on a phishing website and press enter.
Here is another way auto-fill in some cases on legitimate sites can pull extra information from your auto-fill with invisible auto-fill boxes on webpages.
https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari
Oh so THAT is why the add-on defaults autocomplete to "off" and warns about the possibility of that exact attack as the reason why it's off by default.
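The two checks this thread turns on, as an added example that is not part of any comment and is not Bitwarden's code: an exact scheme-and-host match before a saved login is offered, and a visibility test so that concealed inputs are skipped rather than filled. The function names, the field-descriptor shape (a stand-in for DOM inputs and their computed style) and the sample URLs and form are all constructed assumptions.

```javascript
// Added example: hypothetical helpers, constructed sample data.
// Offer a saved login only on an exact scheme + host match over HTTPS.
function originMatches(savedUri, pageUrl) {
  let saved, page;
  try {
    saved = new URL(savedUri);
    page = new URL(pageUrl);
  } catch {
    return false; // unparsable URL: never fill
  }
  // URL.hostname is lowercased and punycode-encoded by the parser, so a
  // look-alike Unicode host compares as a different "xn--" string.
  return page.protocol === "https:" &&
         saved.protocol === page.protocol &&
         saved.hostname === page.hostname;
}

// A field counts as visible only if the user could actually see it.
function isVisible(f) {
  return f.type !== "hidden" &&
         f.display !== "none" &&
         f.visibility !== "hidden" &&
         f.opacity > 0 &&
         f.width > 1 && f.height > 1 &&
         f.left > -f.width && f.top > -f.height; // not pushed off-screen
}

// Fill visible fields only; report the concealed ones instead of filling them.
function planFill(fields) {
  const fill = [], skipped = [];
  for (const f of fields) (isVisible(f) ? fill : skipped).push(f.name);
  return { fill, skipped };
}

// Constructed form: two visible inputs, three concealed ones.
const base = { type: "text", display: "block", visibility: "visible",
               opacity: 1, width: 200, height: 24, left: 10, top: 10 };
const sampleForm = [
  { ...base, name: "name" },
  { ...base, name: "email" },
  { ...base, name: "phone", left: -500 },       // positioned off-screen
  { ...base, name: "address", opacity: 0 },     // fully transparent
  { ...base, name: "cc-number", display: "none" },
];

console.log(originMatches("https://www.paypal.com/signin", "https://www.paypa1.example/signin"));
console.log(planFill(sampleForm));
```

In a real extension the descriptor values would come from `getComputedStyle` and `getBoundingClientRect` on each input, and the skipped list is what a warning to the user would be built from.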