Get a Pentest and security assessment of your IT network.

Request a quote
Cyber Security

Secure Form Autofill

January 3, 2026

TL;DR

Publicly available forms should never automatically fill with sensitive information like passwords or bank details. This guide explains how to prevent this, focusing on browser settings and form design best practices.

Understanding the Risk

Automatically filling in sensitive data is a huge cyber security risk. If a website is compromised, attackers could steal pre-filled information. Even if the site seems legitimate, it’s better to be safe than sorry.

Step 1: Disable Autofill in Your Browser

Most browsers store form data and offer to autofill fields. Here’s how to disable this feature in popular browsers:

Google Chrome

  1. Click the three dots (menu) in the top-right corner.
  2. Select Settings.
  3. Type ‘autofill’ into the search bar.
  4. Click Passwords, then disable Offer to save passwords and Auto Sign-in.
  5. Click Payment methods, then disable Save and fill payment methods.
  6. Click Addresses and more, then disable Save and fill addresses.

Mozilla Firefox

  1. Click the three lines (menu) in the top-right corner.
  2. Select Settings.
  3. Go to Privacy & Security.
  4. Under Logins and Passwords, uncheck Ask to save logins and passwords for websites.
  5. Under Forms & Autofill, uncheck Autofill addresses and Autofill credit cards.

Microsoft Edge

  1. Click the three dots (menu) in the top-right corner.
  2. Select Settings.
  3. Type ‘autofill’ into the search bar.
  4. Click Passwords, then disable Offer to save passwords and Auto sign-in.
  5. Click Payment info, then disable Save and fill payment info.
  6. Click Addresses and more, then disable Save and fill addresses.

Step 2: Clear Existing Autofill Data

Disabling autofill prevents future saving, but you also need to clear any data already stored.

Google Chrome

  1. Click the three dots (menu) in the top-right corner.
  2. Select Settings.
  3. Type ‘clear browsing data’ into the search bar.
  4. Click Clear browsing data.
  5. Select Passwords, Payment methods and Addresses and more.
  6. Choose a time range (e.g., All time).
  7. Click Clear data.

Mozilla Firefox

  1. Click the three lines (menu) in the top-right corner.
  2. Select Settings.
  3. Go to Privacy & Security.
  4. Under Logins and Passwords, click Saved Logins… and remove any entries.
  5. Under Forms & Autofill, click Saved Addresses… and Saved Credit Cards… and remove any entries.

Microsoft Edge

  1. Click the three dots (menu) in the top-right corner.
  2. Select Settings.
  3. Type ‘clear browsing data’ into the search bar.
  4. Click Clear browsing data.
  5. Select Passwords, Payment info and Addresses and more.
  6. Choose a time range (e.g., All time).
  7. Click Clear now.

Step 3: Form Design Best Practices (For Website Owners)

If you own the website, take these steps to prevent autofill from being misused:

  • Use the correct input types: Use type="password" for password fields. This tells browsers not to save or display the entered text.
  • Disable autocomplete attribute: Add the autocomplete="off" attribute to sensitive form fields. 
    <input type="password" name="password" autocomplete="off">
  • Use strong encryption (HTTPS): Ensure your website uses HTTPS to encrypt all data transmitted between the user’s browser and your server.
  • Avoid storing sensitive information: Do not store passwords or other highly sensitive data on your servers if it’s avoidable. Use secure hashing algorithms if storage is necessary.
4
Share:
Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

January 3, 2026
Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

January 3, 2026
Cyber Security

Zero Knowledge Voting with Trusted Server

January 3, 2026
Cyber Security

ZeroNet: 51% Attack Risks & Mitigation

January 3, 2026