Never allow your browser to save your password, and here’s why

One of our lead Ethical Hackers is at a client’s office performing security testing, and notices someone left their computer unattended and unlocked.

We want to see if we can get a password to the client’s portal (in our example we have shown Yahoo Mail to maintain our strict confidentiality policy for our clients).

We go to the portal and see the password is saved:

Right-click in the password field and choose “Inspect Element”:

Look for type="password":

Double-click where it says “password”, type in “text” and hit “Enter”:

Now we have their password, as shown below in the password field:

This account is now compromised, and if they reuse passwords (which many people do) we could also gain access to other accounts that belong to them! This is a great example of “what not to do” to share in your security awareness training for users.

Foresite admin