this post was submitted on 21 Feb 2024
Bitwarden
Discuss the password manager Bitwarden.
Auto fill is bad. Don't use it.
Because?
Some phishing websites can call on auto-fill to grab your passwords while presenting themselves as real websites.
This means a phishing link in an email that is supposed to take you to your Gmail login page (as an example) may actually be a fake page that just captured your password. And because the link was sent to your email, the attacker already has your email. The worst part is you may not have noticed your password was just "taken".
If I'm entering my details on a phishing website anyway, it shouldn't really matter whether or not I typed it in or used Autofill, right?
There might be a vulnerability if the attacker controls one part of a website and can embed a form there. Then the password safe might enter and send the data to the attacker.
I don't think that this is a very likely attack, but at least in theory this could work.
Edit: Bitwarden protects against such attacks:
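
Added example, not part of the thread and not Bitwarden's code: a sketch of the origin checks an autofill feature can apply to the two cases discussed above, a lookalike login page and a form embedded in an otherwise legitimate page. The function name, the policy and all URLs are constructed for illustration and say nothing about how any particular password manager decides.

```javascript
// Hypothetical autofill gate. Names, policy and URLs are constructed for
// illustration; they are not taken from any password manager.
function autofillDecision(savedUri, topUrl, frameUrl, formAction) {
  const saved = new URL(savedUri);   // URI stored with the login item
  const top = new URL(topUrl);       // address-bar document
  const frame = new URL(frameUrl);   // document that actually contains the form
  // A relative action resolves against the document that contains the form.
  const action = new URL(formAction, frame);

  if (top.protocol !== "https:") {
    return { fill: false, reason: "page is not HTTPS" };
  }
  if (top.origin !== saved.origin) {
    // Lookalike page: a human may miss the difference, a string compare does not.
    return { fill: false, reason: "page origin does not match saved login" };
  }
  if (frame.origin !== top.origin) {
    // Form lives in an embedded third-party document.
    return { fill: false, reason: "form is in a cross-origin frame" };
  }
  if (action.origin !== saved.origin) {
    // Form sits on the real site but posts somewhere else.
    return { fill: false, reason: "form submits to another origin" };
  }
  return { fill: true, reason: "origins match" };
}

// Constructed sample inputs: [label, topUrl, frameUrl, formAction]
const SAVED = "https://accounts.example.com/login";
const cases = [
  ["real login page", SAVED, SAVED, "/session"],
  ["lookalike page", "https://accounts.example.com.login-check.test/login",
    "https://accounts.example.com.login-check.test/login", "/session"],
  ["embedded frame", "https://accounts.example.com/help",
    "https://widgets.thirdparty.test/form.html", "/session"],
  ["foreign form action", "https://accounts.example.com/help",
    "https://accounts.example.com/help", "https://collector.thirdparty.test/submit"],
];

for (const [label, top, frame, action] of cases) {
  const d = autofillDecision(SAVED, top, frame, action);
  console.log(`${label}: fill=${d.fill} (${d.reason})`);
}
```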