Keepassxc-browser: [Question] Why is auto-fill considered insecure?

Created on 10 Mar 2018 · 4 Comments · Source: keepassxreboot/keepassxc-browser

The settings state "Warning! Using auto-fill is not safe. Use at your own risk." Could you elaborate?

Thanks a bunch for this extension, it's absolutely awesome.

All 4 comments

There are proven cases of ad networks deploying fake hidden credential fields to steal your username and password. Disabling auto fill ensures user interaction is required to use your credentials.

Could this be relaxed when "Automatically retrieve credentials" is disabled?
It seems kind of pointless in that case, since in that case there has already been user interaction.

I can agree with that because to me it is cumbersome to click basically three times to fill the fields.

I think it'd be a good idea to put this information directly after the "Use at your own risk" warning, to give it some weight.
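
The hidden-field risk from the first reply and the user-interaction question raised after it, combined into one fill gate as an added JavaScript example (not part of the thread and not keepassxc-browser's code). The field-descriptor shape, `role`, `hiddenReasons` and `fillDecision` are hypothetical names, and the visibility checks are an assumed heuristic, not something the extension is stated to do.

```javascript
// Added example, not keepassxc-browser code. A field descriptor is a plain
// object a content script could build from getComputedStyle() and the
// element's document-relative box; its shape and names are assumptions.

// Reasons a field cannot be seen by the user (empty array means visible).
function hiddenReasons(f) {
  const reasons = [];
  if (f.type === "hidden") reasons.push("type=hidden");
  if (f.display === "none") reasons.push("display:none");
  if (f.visibility !== "visible") reasons.push("visibility");
  if (Number(f.opacity) < 0.1) reasons.push("transparent");
  if (f.width < 2 || f.height < 2) reasons.push("tiny");
  if (f.x + f.width <= 0 || f.y + f.height <= 0) reasons.push("off-screen");
  return reasons;
}

// userGesture is true only when the user explicitly asked for this fill
// (click or shortcut); it is false for fill-on-page-load.
function fillDecision(fields, userGesture) {
  const creds = fields.filter(f => f.type === "password" || f.role === "username");
  const blocked = creds
    .map(f => ({ name: f.name, reasons: hiddenReasons(f) }))
    .filter(r => r.reasons.length > 0);
  if (creds.length === 0) return { fill: false, why: "no-credential-fields", blocked };
  if (blocked.length > 0) return { fill: false, why: "hidden-field", blocked };
  if (!userGesture) return { fill: false, why: "no-user-gesture", blocked };
  return { fill: true, why: "ok", blocked };
}

// Constructed sample data: a normal login form and an injected hidden pair.
const shown = { display: "block", visibility: "visible", opacity: "1", width: 220, height: 32 };
const visibleLogin = [
  { ...shown, name: "user", role: "username", type: "text", x: 100, y: 200 },
  { ...shown, name: "pass", type: "password", x: 100, y: 240 },
];
const injected = [
  { ...shown, name: "email", role: "username", type: "email", opacity: "0", x: -9999, y: 0, width: 1, height: 1 },
  { ...shown, name: "pw", type: "password", display: "none", x: 0, y: 0, width: 0, height: 0 },
];

console.log(fillDecision(visibleLogin, true).why);
console.log(fillDecision(visibleLogin, false).why);
console.log(fillDecision(injected, true));
```

A field covered by another element or clipped by its container passes these checks, which is why the gesture requirement stays as a separate gate.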
