

Implementing endpoint security solutions to disable enhanced spell check features may, however, be your best bet. otto-js recommends that website owners add "spellcheck=false" to all input fields to reduce the risk of sharing PII, and remove the ability to 'show password' to prevent user passwords from being sent. Unfortunately, in this case, cyber security measures aren't that simple.
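One way a site owner could apply the `spellcheck=false` recommendation across a whole page, including fields that scripts insert later. This is an added example, not code from otto-js or the original article. The function names are hypothetical, and covering `textarea` and `contenteditable` elements goes beyond the input fields the text names.

```javascript
// Added example: enforce spellcheck="false" on every text-entry element.
// Selector and function names are assumptions made for this illustration.
const FIELD_SELECTOR = 'input, textarea, [contenteditable]';

// Set the attribute on one element; returns true if a change was needed.
function hardenField(el) {
  if (el.getAttribute('spellcheck') === 'false') return false;
  el.setAttribute('spellcheck', 'false');
  return true;
}

// Harden `root` itself (if it is a field) and every field beneath it.
// Returns the number of elements whose attribute had to be changed.
function hardenTree(root) {
  let changed = 0;
  if (typeof root.matches === 'function' && root.matches(FIELD_SELECTOR)) {
    if (hardenField(root)) changed++;
  }
  if (typeof root.querySelectorAll === 'function') {
    for (const el of root.querySelectorAll(FIELD_SELECTOR)) {
      if (hardenField(el)) changed++;
    }
  }
  return changed;
}

// Browser wiring: fix existing fields, then watch for fields added later
// and for scripts that switch the attribute back on.
function installSpellcheckGuard(doc) {
  hardenTree(doc);
  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      if (m.type === 'attributes') hardenTree(m.target);
      for (const node of m.addedNodes) {
        if (node.nodeType === 1) hardenTree(node); // element nodes only
      }
    }
  });
  observer.observe(doc.documentElement, {
    childList: true,
    subtree: true,
    attributes: true,
    attributeFilter: ['spellcheck', 'contenteditable'],
  });
  return observer;
}

// Only runs in a browser; in other environments the functions are just defined.
if (typeof document !== 'undefined') installSpellcheckGuard(document);
```

Setting the attribute in the server-rendered markup is still preferable, since a script only takes effect once it has run.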
The best way to protect business data and login credentials is by following good cyber security measures like signing up for a secure password manager, investing in antivirus software, encrypting your internet traffic and masking IPs with virtual private networks (VPNs). While it's unclear whether the data collected by spell check is handled securely, one thing we do know is that the best way to secure your passwords is to keep them hidden.

An even more significant concern for companies is the exposure of the company's enterprise credentials for internal assets like databases and cloud infrastructure. Some of the largest websites in the world are exposed to sending sensitive user PII (personally identifiable information), including username, email, and passwords, to Google and Microsoft when users are logging in or filling out forms.

Research conducted by security firm otto-js found that, in cases where Google Chrome's Enhanced Spell checker and the Microsoft Edge equivalent (Edge Editor) were enabled, all information entered in any form field, including usernames, DOB, SSN and passwords (via the 'Show Password' field), was transmitted to Google and Microsoft third-party servers, potentially exposing your data. The security leak, dubbed 'spell-jacking', refers to the potential exposure of Personally Identifiable Information (PII) via Enhanced Spell Check features in Chrome and Microsoft Editor to third-party servers.
