Press "Enter" to skip to content

Mitigating Android’s “AutoSpill”/Autofill Credentials Leak

Are you afraid that someone’s out to steal your passwords from your phone? Well, they might be, but they’re probably not. Ars has published an article that explains it all.

Ya might’ve heard some of the brouhaha about about Android’s so-called AutoSpill Attack and how that’s put your passwords in danger of being stolen.

It turns out, according to Dan Goodin over at Ars Technica, that it’s not really an attack at all, nor is it really a vulnerability. What it is, is a danger for people who don’t think things through entirely when they use Android’s Autofill feature in conjunction with their password manager. In other words, using the Autofill feature with your password manager can be fine or can be very unfine, depending on what’s going on.

If this has got you worried and afraid that from here on in you’re going to have to type-in all of your super long/super safe passwords to keep them from being purloined, not to worry. You won’t have to do that, at least not all the time. Goodin has put together a FAQ that splains it all, so that you can know when it’s safe (and when it’s not safe) to autofill a password into a site that won’t let you in until you prove who you are.

You can read the FAQ here: How worried should we be about the “AutoSpill” credential leak in Android password managers?

Breaking News: