Never allow your browser to save your password, and here’s why

One of our lead Ethical Hackers is at a client’s office performing security testing, and notices someone left their computer unattended and unlocked.

We want to see if we can get a password to the client’s portal  (in our example we have shown Yahoo mail to maintain our strict confidentiality policy for our clients).

We go to the portal and see the password is saved:

Right click IN Password Field and choose “inspect element”:

Look for type =”password”

Double click where it says password type in text and hit “enter”:

Now we have their password, as shown below in the password field:

This account is now compromised, and if they reuse passwords (which many people do) we could also gain access to other accounts that belong to them! This is a great example of “what not to do” to share in your security awareness training for users.

Foresite
Website | + posts

Sign up for our Newsletter

Receive weekly emails for the latest cybersecurity news

Expand your team with Foresite

Enterprise-level cybersecurity and risk management for mid-sized businesses. Prioritize your security tasks and reduce the complexity of cybersecurity. 

Upcoming webinar: CMMC 101 - What Businesses Need to Know - Oct. 12, 2022 @ 2pm EST

Search