WARNING! Ongoing Security Flaw In Popular Browsers
Safari, Firefox and Chrome Browsers
Password Security Managers
Tracking firms are able to exploit your browsers password security tools. The tracking firms are using our data for targeted advertising.
AdThink and OnAudience, are designed to gather data from our browsers password managers to track users.
The plugins focus on people's user names and emails. The plugins have no safeguards to protect a person's sensitive data, like passwords, user names and emails.
Professor Arvind Narayanana a computer science researcher from Princeton say's it won't be easy exploit to fix. The only way I can figure out how to protect my data is keep all my passwords off my computer.
This particular kind of password has been going on for 11 years and no one has tried to fix them. My husband never keeps his passwords on his computer. Now I am going to have to follow his example, which is a pain in the neck. I will have to write down all my passwords that deal with sensitive information. I don't keep any of my crypto data on my computer, which I am thankful I did do a little due-diligence. The problem for me is I am horrible at writing down the correct passwords, maybe I will print them out instead. But I think printers are easier to break into than browsers so I've been very hesitant to use one. I have a printer but I am going to have to research a little bit more, I think they store the images they copy. I read there is a limited buffer so if you print a bunch of useless images the past data will be erases.Most of the problem has to do with the website using the plugins. The professors says he would like to see publishers take more responsibility for their third party plugins on their web sites.
Right now there is no control regarding what kind of third-party scripts are allowed.
Login details are stored on web browsers, some of the most popular are Google Chrome, Firefox, or Safari, which can store your passwords. For me this has been an easy way to manage my passwords However, I have always felt uneasy about storing important information in my browsers folders. I've been on the internet a long time and I know it's hard to keep secrets here. Especially when dealing with sensitive information, now that Cryptocurrencies are becoming wealth building tools we all have to double up on our security.
Credits
Thus, third-party javascript can retrieve the saved credentials by creating a form with the username and password fields, which will then be autofilled by the login manager. Why collect hashes of email addresses? Email addresses are unique and persistent, and thus the hash of an email address is an excellent tracking identifier. A user’s email address will almost never change — clearing cookies, using private browsing mode, or switching devices won’t prevent tracking. The hash of an email address can be used to connect the pieces of an online profile scattered across different browsers, devices, and mobile apps. It can also serve as a link between browsing history profiles before and after cookie clears. In a previous blog post on email tracking, we described in detail why a hashed email address is not an anonymous identifier.
This is a constant reminder what we are up against.
Thanks for the reminder.
You are welcome @pouchon, have a safe and secure day!
Thanks for sharing. Didn't know about this. Must be alert all the time.
I just cleaned out my browser cache's and installed a keypass with good reviews.
Good idea, your husband has! I keep all mine written down in a safe place!
We keep our keys and passwords in multiple places and offline devices. I just suck at it because I am lazy...now I am going to make an effort to clean up my browsers...sigh
I know the feeling! Fortunately I have a great memory for those things so I have them in my head. All of the sites that pertain to money I change the passwords every week- so that gets confusing... I keep wanting to use last week's and can't figure why it doesn't work!
I can't remember lettres or numbers very well...sigh, I'm kind of jealous :P
oh thanks for sharing about this thing we need to be aware of this wouldn't know about this if you had not shared this thanks a lot
We need to stay aware, no one is going to take care of our safety on an individual level except for the individual.
Very true! No one else cares.
Now I'm worried about the safety of my Steemit account :P
Yeah, my browser holds the keys, kinda scary. So the only way to protect them is to hold them in a secure place or manually type them in and tell your browser not to save. But also your email address is tracked and can be used to track your multiple exchange sites if your email is used to register.
Thanks for posting this-- it's wise to be careful with what you store on your devices. I keep thinking the best thing might be to get one of the secure password manager that supposedly are hacker proof. I haven't looked into it enough yet, but need something that's more viable than typing in a password for 47 different sites!
Bright Blessings!
I have keypassX but I still haven't figured out how to use it....I'm kinda clueless regarding this stuff so I am researching!
I have all of my banking passwords written but have kept my steemit info in a document since those passwords are SOOOOO long! can't imagine hand entering my steemit and bittrex passwords all the time, is it safer to send in an email to myself (of course not naming what the psswrds belong to)?
There are password managers that will not give away your email and password that is a plugin for your browser that will auto fill for you. There is a link on my post that says "Test Attack On Demo Page," you can see what kind of information your browser is giving away. I can't tell you what kind of data manager to use though. I don't know enough.
ok thanks, this is very helpful!
Did you keep that long Steemit password you got or did you change it?
if like this we should be careful in using this friend.
so how also so that our password can not be traced,
is there a sister way.
Don't store you passwords on your computer is the safest way, don't use your browsers password manager, this includes any digital device that uses a web browser.
oo yaya, so we better just write it somewhere else so it will be safer yes sister.
thank you yes brother has given information that is very useful for all.
Developers are getting whether lazy , or they are not paid enough to mantain ordinary traffic on the browsers . Personal opinion.
That could be true, or they make too much money from companies and governments that need that data.
How you are today, you are really full of energy, just doing something.
I am doing my New Years fasting and you noticed the uptick in my energy....now that is freaky psychic lololol
You are very cool lady :)
I don't know why yet, besides your constant kindness, I think you are cool too @dobartim. It is a nice feeling for this old tired heart <3
You have sense for people
You can still use an external password manager like 1Password which doesn't autofill data.
Also it seems that blockers like AdBlock or NoScript might mitigate this kind of attack as well.
I use add blockers a lot but I don't trust them lololol...I'm really kinda paranoid now that I have thousands of potential dollars floating around on the blockchains ....I keep my passwords on a USB, which seems to be the easiest for a knucklehead like me.
Do you encrypt the USB drives?
You could also use a hardware wallet which hides private keys making them inaccessible from your PC.