This is not exactly new news, but web browsers can be a weak link in your data security that warrants taking another look see. (Periodic reminders never hurt anyone.) This Night Owl article will cover only two aspects of browser security weaknesses. I know many of you already know this stuff – the article is meant for those who may not know.
Several months ago Tom’s Guide published a reminder that’s clearly written and fairly concise. The gist of the problem is that some popular web browsers save usernames and passwords for you and then autofill webpage fields with that data. There are two problems with that sentence. First, web browsers are a terrible place to store usernames and passwords as they are nowhere near as secure as a password manager application, which is what you should be using instead.
Second, autofill may enter your credentials in hidden fields in a web page, allowing thieves to steal your username and password. Autofill is a feature that can be turned off, but it’s frequently on by default in popular web browsers. It works like this: a browser that has saved your login info also frequently fills in username and password fields without asking you first. This is no big deal if you opened that login page on purpose with the intention of logging in. However, if someone found a way to stick hidden username and password fields into the page, autofill may enter your username and password into those hidden fields without you realizing what’s happening. Anyone that knows HTML can make text on a webpage invisible, it’s super easy! Hackers can buy advertising space where they can insert their hidden username and password fields. Whenever some such nefarious ad appears on a webpage, it sucks up autofilled usernames and passwords.
I recently discovered that Opera (a web browser) is guilty of these bad habits. What’s worse is, Opera was gathering login credentials without my knowledge. It does ask if you want to save them, but it looked very much like my password manager was asking. Not paying close attention, I was fooled. When fields were autofilled, I thought my password manager was providing the credentials. I found out because of a bug in Opera. I had created an Amazon account for my wife, but Opera kept storing the last password used in with my Amazon login credentials, so the next time I tried to login Amazon kept telling me the password was incorrect. Naturally, I changed Amazon passwords several times to get into my account before realizing what was going on. Alarmed, I deleted my credentials from the Opera password manager and turned off Opera’s autofill.
While we’re on the subject, there are two other things I detest about Opera. One, the bookmark function really stinks. In over 25 years of using browsers and bookmarks, Opera’s bookmarks are hands-down the worst I’ve ever experienced. Editing bookmarks is awkward and rearranging or reorganizing them is impossible. Also there’s no way to import or export bookmarks. (This is the mobile version of Opera, I haven’t tried the desktop version).
Two, the built-in newsfeed is awful. They give you the option to say “don’t show me stories from this website any more” or “not interested in this topic”, but then they completely ignore your feedback and keep feeding you crap. Opera’s newsfeed is heavy on disinformation and propaganda websites, including several well-known Russian sources. There are also plenty of pro-Trump and pro-GOP websites in their newsfeed. There are other news sources in their feed, I suppose to affect a balanced and fair posture, but overall it’s laughable.
On the positive side, Opera is generally fast and there’s no apparent limit to how many tabs you can have open as long as your device has enough memory. I really like that. Nevertheless, I’m dumping Opera ASAP.
To recap the key points; don’t use browser-based password managers, make sure autofill is always turned off, and always remember that periodic reminders never hurt anyone.
Question of the Night: What password manager program is best, in your opinion, and why?