Bitwarden

765 readers

99 users here now

Discuss the Paswordmanager Bitwarden.

founded 1 year ago

MODERATORS

[email protected]

Bitwarden adds a new auto-fill option right inside form fields (bitwarden.com)

submitted 8 months ago by Renn to c/[email protected]

24 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[+] [email protected] -14 points 8 months ago* (last edited 8 months ago) (9 children)

Some phishing websites can call on auto-fill to grab your passwords while presenting themselves as real websites.

This means a phishing link in an email that is supposed to take you to your gmail login page (as a example) may actually be a fake page that just captured your password. And because the link was sent to your email the attacker already has your email. The worst part is you may not have noticed your password was just "taken".

[–] [email protected] 25 points 8 months ago (3 children)

I don't think so. If someone sends you a link to a misspelled PayPal website, the password safe will NOT autofill the password.

[–] [email protected] 4 points 8 months ago (2 children)

Correct, as auto-fill is based on the exact URL address. Though if a phishing site somehow managed to spoof that address, your auto-fill may give away some sensitive info before you catch it. Though this makes no difference if you enter it manually on a phishing website and press enter.

Here is another way auto-fill in some cases on legitimate sites can pull extra information from your auto-fill with invisible auto-fill boxes on webpages.

https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari

[–] [email protected] 1 points 8 months ago

Oh so THAT is why the add-on defaults autocomplete to "off" and warns about the possibility of that exact attack as the reason why it's off by default.

load more comments (1 replies)

load more comments (6 replies)