Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.
Advertisers Could Exploit Browser Password Manager Data: There Is No Escape

Advertisers Could Exploit Browser Password Manager Data: There Is No Escape

By Zoltán G.Zoltán G. Verified by Adam B.Adam B. Last updated: July 17, 2024 (0)

There is no denying that password managers built into browsers are pretty convenient.

In fact some of them, like Firefox or Opera, protect sensitive data with a master password, not to mention the added bonus of necessary countermeasures to prevent advertisers and wrongdoers from tracking our online activity or getting access to passwords and other credentials.

However, there is a very good reason why security experts constantly warn users to stay away from the built-in password manager of their browsers. And the latest research conducted by Princeton’s Center for Information Technology Policy might as well be the final nail in the coffin of browser password managers, since all that is needed for advertisers (and hackers) to get your details is a login stored into the browser’s own password manager to use for autofill later.

The invisible hand that mugs you without you knowing it

Everybody knows how autofill works: you access a website that you have already visited a couple of times and, once the login information is saved to the browser’s built-in password manager, the browser will automatically fill out the necessary boxes without any intervention on your part. In normal cases the password manager only does this when the web developer specifies certain input boxes for the login form – and that’s the weakness that has been exploited by two tracking scripts, AdThink and OnAudience.

These scripts plant invisible login forms in an advert of the website, fooling the password manager into thinking that it’s a legitimate login form that needs to be filled out. So, every time you visit another page on the same website, the browser’s password manager falls for the same trick again and again, while the scripts sniff out your email data and send it in a hashed form to third parties to be used for targeted advertising – and you wouldn’t even notice this happen until it’s too late.

Today your emails, tomorrow your passwords

Advertisers following us everywhere and shoving unwanted ads in our faces based on the information gathered about us in such a dubious way is already a creepy thought in itself, but what’s more frightening is that there is no guarantee that these companies will stop at just email addresses. The next target could easily be your passwords and credentials.

From that point on, it’s only a matter of time before the scripts that could sniff out emails and passwords are exploited by hackers. Just imagining the effects it’d have on the world’s internet users is enough to send shivers down anybody’s spine.

Princeton’s demo showing how password could be sniffed

Fighting fire with third party password managers

This case proves once and for all that no matter how convenient their use may be and how fast this vulnerability will be fixed, built-in browser password managers should be ditched by users as soon as possible in favor of third party solutions like the ones tested by our experts.

These password management programs need to import the necessary data from browsers only once, after which all sensitive information will be locked behind a vault that is encrypted by military-grade encryption and is protected by a strong master password. This master password, in fact, is the only thing you need to keep in mind, since all the other passwords can be changed to something truly unbreakable without the need to remember them.

To make things better, password managers are also capable of autofilling the necessary information into login forms via their handy browser extensions but, unlike the browser’s own built-in password management solution, the login information always stays encrypted and therefore prevents advertisers and hackers from ever knowing anything about you.

And if all this still doesn’t make you feel secure, then know that the chances are that passwords will soon be a thing of the past anyway thanks to advancements in biometric authentication technology that are full of promising results – particularly like FIDOheartbeat passwords and smart textile.

User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Latest Articles

How To Master English Fluency: 10 Effective Tips and Tricks
When it comes to language learning, we often come across the word ‘fluency’. But what does it mean exactly? Simply put, fluency is the ability to articulate a message ...
Read article
4 Reasons To Choose CRM Software With AI
With the competition increasing, maintaining lasting customer relationships is more crucial than ever. Customer relationship management (CRM) systems have long been the backbone of most businesses’ effective interaction management, helping them streamline processes, improve satisfaction, and boost sales
Read article
Empower Your Wedding With The Perfect Hashtag
Do you remember the time when # was a simple sign used only in phone menus? The mundane past of the hashtag is now gone, because Twitter came, saw, and turned this barely known sign into a global Internet craze. 
Read article

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us