Stop Autofill on Untrusted Sites

TL;DR

Browsers save your usernames and passwords to make logging in easier. This can be a security risk if you use those saved details on websites you don’t trust. Here’s how to control autofill, especially for less secure sites.

How to Control Autofill

1. Understand the Risk: When your browser offers to save passwords or fill in forms automatically, it stores that information. If a website is compromised, those saved details could be stolen.
2. Check Your Browser Settings (Chrome):
   • Go to chrome://settings/passwords in the address bar.
   • Turn off ‘Offer to save passwords’ if you don’t want Chrome saving anything at all.
   • Alternatively, click ‘Manage Passwords’. You can remove saved passwords for specific sites here.
   • Under ‘Auto Sign-in’, disable this feature if you prefer to always enter your password manually.
3. Check Your Browser Settings (Firefox):
   • Go to about:preferences#privacysecurity in the address bar.
   • Scroll down to ‘Logins and Passwords’.
   • Uncheck ‘Ask to save logins and passwords for websites’ if you want to disable saving altogether.
   • Click ‘Saved Logins…’ to view and remove existing saved credentials.
4. Check Your Browser Settings (Edge):
   • Go to edge://settings/passwords in the address bar.
   • Turn off ‘Offer to save passwords’ if you don’t want Edge saving anything at all.
   • Click ‘Manage saved passwords’. You can remove saved passwords for specific sites here.
5. Use a Password Manager: Consider using a dedicated password manager (like Bitwarden, 1Password, or LastPass). These offer stronger security features and more control over your credentials than browser-based saving.
   • Password managers often have built-in warnings for compromised websites.
   • They can generate strong, unique passwords for each site.
6. Be Careful What You Save: Only save passwords on sites you trust completely (e.g., your bank, email provider). Avoid saving them on forums or less reputable websites.
7. Regularly Review Saved Passwords: Periodically check the list of saved passwords in your browser and remove any that are no longer needed or for sites you don’t use anymore.
8. Clear Browser Data: Clearing your browsing history, cookies, and cached data can also help remove potentially sensitive information. Be aware this will log you out of websites.
   • In Chrome: chrome://settings/clearBrowserData
   • In Firefox: about:preferences#privacy (under ‘Cookies and Site Data’)
   • In Edge: edge://settings/clearBrowserData

Extra Security Tips

• Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA on your important accounts. This adds an extra layer of security beyond just a password.
• Keep Your Browser Updated: Regularly update your browser to the latest version to benefit from the latest security patches.