You May Not Want to Use Your Password Manager’s Auto-Fill. Here’s Why and What to Do Instead

The article discusses a security vulnerability in password managers' auto-fill feature. Clickjacking, a type of web-based attack, has been shown to be capable of extracting information from password managers using the auto-fill function. The attack works by creating an invisible layer over a legitimate website, tricking the user into interacting with the hidden layer instead of the visible site. This allows the attacker to capture sensitive information, such as login credentials, that are automatically filled by the password manager. To mitigate this risk, the article recommends against using the auto-fill feature of password managers. Instead, it suggests manually entering login credentials, or using a password manager that offers a "copy-and-paste" option rather than auto-fill. Additionally, users are advised to be cautious of suspicious websites and to enable two-factor authentication whenever possible to enhance overall account security.