Disclaimer: We sustain our work & review products through paid collaborations.
Advertisers Could Exploit Browser Password Manager Data: There Is No Escape


There is no denying that password managers built into browsers are pretty convenient.

In fact, some of them, like Firefox or Opera, protect sensitive data with a master password, not to mention the added bonus of countermeasures that prevent advertisers and wrongdoers from tracking our online activity or getting access to passwords and other credentials.

However, there is a very good reason why security experts constantly warn users to stay away from the built-in password manager of their browsers. And the latest research conducted by Princeton’s Center for Information Technology Policy might as well be the final nail in the coffin of browser password managers, since all that advertisers (and hackers) need to get your details is a login stored in the browser’s own password manager for later autofill.

The invisible hand that mugs you without you knowing it

Everybody knows how autofill works: you access a website that you have already visited a couple of times and, once the login information is saved to the browser’s built-in password manager, the browser will automatically fill out the necessary boxes without any intervention on your part. In normal cases the password manager only does this when the web developer specifies certain input boxes for the login form – and that’s the weakness that has been exploited by two tracking scripts, AdThink and OnAudience.

These scripts plant invisible login forms in an advert of the website, fooling the password manager into thinking that it’s a legitimate login form that needs to be filled out. So, every time you visit another page on the same website, the browser’s password manager falls for the same trick again and again, while the scripts sniff out your email data and send it in a hashed form to third parties to be used for targeted advertising – and you wouldn’t even notice this happen until it’s too late.
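For site owners auditing the third-party scripts they embed, the invisible-form behaviour described above can be checked for directly. The following is an added example, not code from this article or from the Princeton research; the field-descriptor shape and the function names are assumptions made for the illustration.

```javascript
// Added example: flags email/password inputs a user cannot see but autofill may fill.
const CREDENTIAL_TYPES = new Set(["email", "password"]);

// Why a field is invisible to the user (empty array means it is visible).
function hiddenReasons(f) {
  const reasons = [];
  if (f.display === "none") reasons.push("display:none");
  if (f.visibility === "hidden") reasons.push("visibility:hidden");
  if (Number(f.opacity) === 0) reasons.push("opacity:0");
  if (f.width <= 1 || f.height <= 1) reasons.push("near-zero size");
  if (f.right < 0 || f.bottom < 0) reasons.push("positioned off-screen");
  return reasons;
}

// One finding per credential field that is hidden from the user.
function findInvisibleCredentialFields(fields) {
  return fields
    .filter((f) => CREDENTIAL_TYPES.has(f.type))
    .map((f) => ({ name: f.name, type: f.type, reasons: hiddenReasons(f) }))
    .filter((finding) => finding.reasons.length > 0);
}

// Browser-only collector: snapshots every <input> using standard DOM APIs.
// Coordinates are converted to page space so scrolling causes no false hits.
function collectFields(doc, win) {
  return Array.from(doc.querySelectorAll("input")).map((el) => {
    const cs = win.getComputedStyle(el);
    const r = el.getBoundingClientRect();
    return {
      name: el.name, type: el.type,
      display: cs.display, visibility: cs.visibility, opacity: cs.opacity,
      width: r.width, height: r.height,
      right: r.right + win.scrollX, bottom: r.bottom + win.scrollY,
    };
  });
}

// Constructed sample: the site's visible login form plus fields injected out of sight.
const shown = { display: "block", visibility: "visible", opacity: "1" };
const SAMPLE_FIELDS = [
  { ...shown, name: "user", type: "email", width: 240, height: 32, right: 600, bottom: 300 },
  { ...shown, name: "pass", type: "password", width: 240, height: 32, right: 600, bottom: 340 },
  { ...shown, display: "none", name: "e", type: "email", width: 0, height: 0, right: 0, bottom: 0 },
  { ...shown, name: "p", type: "password", width: 100, height: 20, right: -900, bottom: 20 },
  { ...shown, display: "none", name: "q", type: "text", width: 0, height: 0, right: 0, bottom: 0 },
];

console.log(findInvisibleCredentialFields(SAMPLE_FIELDS));
```

In a browser console, `findInvisibleCredentialFields(collectFields(document, window))` runs the same check against the live page; an ancestor's `opacity` is not inherited into the input's computed style, so that case needs a separate walk up the DOM.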

Today your emails, tomorrow your passwords

Advertisers following us everywhere and shoving unwanted ads in our faces based on the information gathered about us in such a dubious way is already a creepy thought in itself, but what’s more frightening is that there is no guarantee that these companies will stop at just email addresses. The next target could easily be your passwords and credentials.

From that point on, it’s only a matter of time before the scripts that could sniff out emails and passwords are exploited by hackers. Just imagining the effects it’d have on the world’s internet users is enough to send shivers down anybody’s spine.

Princeton’s demo showing how passwords could be sniffed

Fighting fire with third-party password managers

This case proves once and for all that no matter how convenient their use may be and how fast this vulnerability will be fixed, built-in browser password managers should be ditched by users as soon as possible in favor of third-party solutions like the ones tested by our experts.

These password management programs need to import the necessary data from browsers only once, after which all sensitive information will be locked behind a vault that is encrypted by military-grade encryption and is protected by a strong master password. This master password, in fact, is the only thing you need to keep in mind, since all the other passwords can be changed to something truly unbreakable without the need to remember them.

To make things better, password managers are also capable of autofilling the necessary information into login forms via their handy browser extensions but, unlike the browser’s own built-in password management solution, the login information always stays encrypted and therefore prevents advertisers and hackers from ever knowing anything about you.

And if all this still doesn’t make you feel secure, then know that the chances are that passwords will soon be a thing of the past anyway thanks to advancements in biometric authentication technology that are full of promising results – particularly FIDO, heartbeat passwords and smart textile.

