How to Use Autofill Safely
Despite the risks, you don't have to give up autofill entirely. With the right configuration, you can enjoy the convenience while minimizing the dangers. Here's how to configure autofill safely in major browsers:
Google Chrome
- Go to Settings > Autofill and passwords
- Under Google Password Manager, review and remove any outdated or duplicate entries
- Under Payment methods, disable "Save and fill payment methods" if you prefer not to store credit card info in the browser
- Under Addresses and more, disable "Save and fill addresses" if you want to prevent address autofill
- Consider enabling "Offer to save passwords" but manually review each save prompt
Mozilla Firefox
- Go to Settings > Privacy & Security
- Under Logins and Passwords, uncheck "Autofill logins and passwords" if you want manual control
- Enable "Use a Primary Password" to require authentication before autofill works
- Under Forms and Autofill, configure which types of data Firefox can autofill
Safari
- Go to Safari > Settings > AutoFill
- Choose which categories of information to autofill (contact info, usernames and passwords, credit cards)
- Safari integrates with iCloud Keychain, which requires Face ID, Touch ID, or your device passcode before autofilling sensitive data
Microsoft Edge
- Go to Settings > Profiles > Passwords
- Toggle off "Offer to save passwords" if using an external password manager
- Under Payment info and Addresses and more, configure which data types to save and autofill
Password Manager vs. Browser Autofill
One of the most important security decisions is whether to use your browser's built-in password manager or a dedicated password manager like Bitwarden, 1Password, or KeePass.
Why Dedicated Password Managers Are Safer
- Domain matching - Password managers only autofill on the exact domain where the password was saved, providing strong phishing protection
- Encrypted vaults - Your passwords are stored in an encrypted vault protected by a master password
- Cross-browser support - Work consistently across all browsers and devices
- Manual fill option - Most allow you to click to fill rather than auto-filling, giving you more control
- Password generation - Built-in tools to generate strong, unique passwords for each site
- Security auditing - Alert you to reused, weak, or breached passwords
Finding the Right Balance
Security and convenience exist on a spectrum. Here's a practical approach to finding the right balance:
- Use a dedicated password manager for login credentials. Disable your browser's built-in password saving to avoid conflicts and reduce attack surface.
- Disable autofill for sensitive financial data like credit card numbers. The few seconds it takes to type them manually is worth the added security.
- Keep address autofill enabled selectively - It's lower risk and saves significant time on shipping forms.
- Always verify before submitting - After autofill populates a form, review the fields before clicking submit to ensure nothing unexpected was filled in.
- Regularly audit saved data - Periodically review what your browser and password manager have saved, and remove outdated or unnecessary entries.
The Takeaway
Autofill isn't inherently dangerous, but using it carelessly can expose you to real risks. The key is to be intentional about what you allow to be autofilled and where.
By using a dedicated password manager for credentials, disabling browser autofill for sensitive financial data, and staying aware of the forms you're filling out, you can enjoy most of the convenience of autofill while significantly reducing the security risks.
Remember: convenience features are only useful if they don't compromise your security. Take a few minutes to configure your autofill settings properly, and you'll have a much safer browsing experience going forward.