home.social

#autofill — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #autofill, aggregated by home.social.

  1. @ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

    1. You skipped the "private key never leaves the device" lie. Note that this vuln: seclists.org/fulldisclosure/20 is unfixed (see todon.nl/@ErikvanStraten/11655).

    The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: github.com/keepassxreboot/keep.

    Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: todon.nl/@ErikvanStraten/11565 (@timcappalli ).

    2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

    3. "Passkeys are not magic": I don't see "what risks remain" in scotthelme.co.uk/passkeys-101- - which is why I objected.

    4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

    #Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

  2. @ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

    1. You skipped the "private key never leaves the device" lie. Note that this vuln: seclists.org/fulldisclosure/20 is unfixed (see todon.nl/@ErikvanStraten/11655).

    The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: github.com/keepassxreboot/keep.

    Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: todon.nl/@ErikvanStraten/11565 (@timcappalli ).

    2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

    3. "Passkeys are not magic": I don't see "what risks remain" in scotthelme.co.uk/passkeys-101- - which is why I objected.

    4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

    #Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

  3. @ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

    1. You skipped the "private key never leaves the device" lie. Note that this vuln: seclists.org/fulldisclosure/20 is unfixed (see todon.nl/@ErikvanStraten/11655).

    The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: github.com/keepassxreboot/keep.

    Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: todon.nl/@ErikvanStraten/11565 (@timcappalli ).

    2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

    3. "Passkeys are not magic": I don't see "what risks remain" in scotthelme.co.uk/passkeys-101- - which is why I objected.

    4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

    #Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

  4. @ScottHelme "This is mostly a list of things passkeys were never claimed to solve":

    1. You skipped the "private key never leaves the device" lie. Note that this vuln: seclists.org/fulldisclosure/20 is unfixed (see todon.nl/@ErikvanStraten/11655).

    The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: github.com/keepassxreboot/keep.

    Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: todon.nl/@ErikvanStraten/11565 (@timcappalli ).

    2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.

    3. "Passkeys are not magic": I don't see "what risks remain" in scotthelme.co.uk/passkeys-101- - which is why I objected.

    4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.

    #Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules

  5. @Tutanota : rubbish.

    Two WEAK locks may be LESS pointless than one WEAK lock, but they're still pointless. Go read csoonline.com/article/4147134.

    U2F has been superseded by FIDO2 (hardware keys in WebAuthn mode) and Passkeys (example in Dutch: todon.nl/@ErikvanStraten/11628).

    Both WebAuthn methods have advantages and disadvantages.

    If you don't like them, use a trustworthy passwordmanager and:

    • Let it create a unique, random, as long as possible, pw per account

    • Make backups of the pw mngr database

    • Device compromise means "game over"

    • Use Autofill (easy in Android and iOS/iPadOS)

    • If Autofill does not automatically retrieve your credentials, it probably is a fake (phishing) website. Do read troyhunt.com/a-sneaky-phish-ju

    Please stop misinforming people.

    #WeakMFAsucks #Weak2FAsucks #FIDO2 #WebAuthn #Passkeys #AutoFill #KeePassium #KeePassDX

  6. @Tutanota : rubbish.

    Two WEAK locks may be LESS pointless than one WEAK lock, but they're still pointless. Go read csoonline.com/article/4147134.

    U2F has been superseded by FIDO2 (hardware keys in WebAuthn mode) and Passkeys (example in Dutch: todon.nl/@ErikvanStraten/11628).

    Both WebAuthn methods have advantages and disadvantages.

    If you don't like them, use a trustworthy passwordmanager and:

    • Let it create a unique, random, as long as possible, pw per account

    • Make backups of the pw mngr database

    • Device compromise means "game over"

    • Use Autofill (easy in Android and iOS/iPadOS)

    • If Autofill does not automatically retrieve your credentials, it probably is a fake (phishing) website. Do read troyhunt.com/a-sneaky-phish-ju

    Please stop misinforming people.

    #WeakMFAsucks #Weak2FAsucks #FIDO2 #WebAuthn #Passkeys #AutoFill #KeePassium #KeePassDX

  7. @Tutanota : rubbish.

    Two WEAK locks may be LESS pointless than one WEAK lock, but they're still pointless. Go read csoonline.com/article/4147134.

    U2F has been superseded by FIDO2 (hardware keys in WebAuthn mode) and Passkeys (example in Dutch: todon.nl/@ErikvanStraten/11628).

    Both WebAuthn methods have advantages and disadvantages.

    If you don't like them, use a trustworthy passwordmanager and:

    • Let it create a unique, random, as long as possible, pw per account

    • Make backups of the pw mngr database

    • Device compromise means "game over"

    • Use Autofill (easy in Android and iOS/iPadOS)

    • If Autofill does not automatically retrieve your credentials, it probably is a fake (phishing) website. Do read troyhunt.com/a-sneaky-phish-ju

    Please stop misinforming people.

    #WeakMFAsucks #Weak2FAsucks #FIDO2 #WebAuthn #Passkeys #AutoFill #KeePassium #KeePassDX

  8. @Tutanota : rubbish.

    Two WEAK locks may be LESS pointless than one WEAK lock, but they're still pointless. Go read csoonline.com/article/4147134.

    U2F has been superseded by FIDO2 (hardware keys in WebAuthn mode) and Passkeys (example in Dutch: todon.nl/@ErikvanStraten/11628).

    Both WebAuthn methods have advantages and disadvantages.

    If you don't like them, use a trustworthy passwordmanager and:

    • Let it create a unique, random, as long as possible, pw per account

    • Make backups of the pw mngr database

    • Device compromise means "game over"

    • Use Autofill (easy in Android and iOS/iPadOS)

    • If Autofill does not automatically retrieve your credentials, it probably is a fake (phishing) website. Do read troyhunt.com/a-sneaky-phish-ju

    Please stop misinforming people.

    #WeakMFAsucks #Weak2FAsucks #FIDO2 #WebAuthn #Passkeys #AutoFill #KeePassium #KeePassDX

  9. 🧵1
    Draadje met screenshots: passkey aanmaken en gebruiken om in te loggen - gebruikmakend van de KeePassDX als wachtwoordmanager onder Android.

    Als eerste moet de app KeePassDX zijn geïnstalleerd (play.google.com/store/apps/det) en geconfigureerd (dat beschrijven voert te ver voor deze serie toots). Als enige: in de hoofdpagina van de database heb ik "mappen" aangemaakt met als namen "0-9", "ABC", "DEF" etc. om de zaak overzichtelijk te houden (zie de screenshot hieronder).

    Daaronder maak ik, per website, een submap aan (met de naam van die website zonder eventueel voorafgaande "www.").

    #KeePassDX #Android #AutoFill

  10. 🧵1
    Draadje met screenshots: passkey aanmaken en gebruiken om in te loggen - gebruikmakend van de KeePassDX als wachtwoordmanager onder Android.

    Als eerste moet de app KeePassDX zijn geïnstalleerd (play.google.com/store/apps/det) en geconfigureerd (dat beschrijven voert te ver voor deze serie toots). Als enige: in de hoofdpagina van de database heb ik "mappen" aangemaakt met als namen "0-9", "ABC", "DEF" etc. om de zaak overzichtelijk te houden (zie de screenshot hieronder).

    Daaronder maak ik, per website, een submap aan (met de naam van die website zonder eventueel voorafgaande "www.").

    #KeePassDX #Android #AutoFill

  11. 🧵1
    Draadje met screenshots: passkey aanmaken en gebruiken om in te loggen - gebruikmakend van de KeePassDX als wachtwoordmanager onder Android.

    Als eerste moet de app KeePassDX zijn geïnstalleerd (play.google.com/store/apps/det) en geconfigureerd (dat beschrijven voert te ver voor deze serie toots). Als enige: in de hoofdpagina van de database heb ik "mappen" aangemaakt met als namen "0-9", "ABC", "DEF" etc. om de zaak overzichtelijk te houden (zie de screenshot hieronder).

    Daaronder maak ik, per website, een submap aan (met de naam van die website zonder eventueel voorafgaande "www.").

    #KeePassDX #Android #AutoFill

  12. 🧵1
    Draadje met screenshots: passkey aanmaken en gebruiken om in te loggen - gebruikmakend van de KeePassDX als wachtwoordmanager onder Android.

    Als eerste moet de app KeePassDX zijn geïnstalleerd (play.google.com/store/apps/det) en geconfigureerd (dat beschrijven voert te ver voor deze serie toots). Als enige: in de hoofdpagina van de database heb ik "mappen" aangemaakt met als namen "0-9", "ABC", "DEF" etc. om de zaak overzichtelijk te houden (zie de screenshot hieronder).

    Daaronder maak ik, per website, een submap aan (met de naam van die website zonder eventueel voorafgaande "www.").

    #KeePassDX #Android #AutoFill

  13. @maaikees : unfortunately, no. If such a solution would exist, spammers and phisher-(wo)men would immediately start using it.

    Using an email provider with a good reputation *or* (evil) big tech is your best bet.

    Note: when switching email provider, first make a list of *all* websites where you have an account, either with the old email address as user-ID or another user-ID but where the old email address can be used for password resets.

    It's okay to create a new email address (using another provider and domain name), but do not close your old email account until it has been removed (or replaced by your new address) from all websites where it may be used to authenticate you.

    My advice: use a password manager (*). Apart from other advantages, if you record in it every site where you enter your email address, you'll have a nice overview of sites that know your email address.

    (*) Full list of tips:
    Dutch: security.nl/posting/912904

    English: see the list in todon.nl/@ErikvanStraten/11561

    #PasswordManager #AutoFill #PhishingPrevention #Phishing

  14. @maaikees : unfortunately, no. If such a solution would exist, spammers and phisher-(wo)men would immediately start using it.

    Using an email provider with a good reputation *or* (evil) big tech is your best bet.

    Note: when switching email provider, first make a list of *all* websites where you have an account, either with the old email address as user-ID or another user-ID but where the old email address can be used for password resets.

    It's okay to create a new email address (using another provider and domain name), but do not close your old email account until it has been removed (or replaced by your new address) from all websites where it may be used to authenticate you.

    My advice: use a password manager (*). Apart from other advantages, if you record in it every site where you enter your email address, you'll have a nice overview of sites that know your email address.

    (*) Full list of tips:
    Dutch: security.nl/posting/912904

    English: see the list in todon.nl/@ErikvanStraten/11561

    #PasswordManager #AutoFill #PhishingPrevention #Phishing

  15. @maaikees : unfortunately, no. If such a solution would exist, spammers and phisher-(wo)men would immediately start using it.

    Using an email provider with a good reputation *or* (evil) big tech is your best bet.

    Note: when switching email provider, first make a list of *all* websites where you have an account, either with the old email address as user-ID or another user-ID but where the old email address can be used for password resets.

    It's okay to create a new email address (using another provider and domain name), but do not close your old email account until it has been removed (or replaced by your new address) from all websites where it may be used to authenticate you.

    My advice: use a password manager (*). Apart from other advantages, if you record in it every site where you enter your email address, you'll have a nice overview of sites that know your email address.

    (*) Full list of tips:
    Dutch: security.nl/posting/912904

    English: see the list in todon.nl/@ErikvanStraten/11561

    #PasswordManager #AutoFill #PhishingPrevention #Phishing

  16. @maaikees : unfortunately, no. If such a solution would exist, spammers and phisher-(wo)men would immediately start using it.

    Using an email provider with a good reputation *or* (evil) big tech is your best bet.

    Note: when switching email provider, first make a list of *all* websites where you have an account, either with the old email address as user-ID or another user-ID but where the old email address can be used for password resets.

    It's okay to create a new email address (using another provider and domain name), but do not close your old email account until it has been removed (or replaced by your new address) from all websites where it may be used to authenticate you.

    My advice: use a password manager (*). Apart from other advantages, if you record in it every site where you enter your email address, you'll have a nice overview of sites that know your email address.

    (*) Full list of tips:
    Dutch: security.nl/posting/912904

    English: see the list in todon.nl/@ErikvanStraten/11561

    #PasswordManager #AutoFill #PhishingPrevention #Phishing

  17. Tự động hóa điền form chính phủ/portal tuân thủ (tiết kiệm 5-10h/tháng). Upload file, trích xuất & paste dữ liệu liền mạch. Cần góp ý giá (theo tháng/file?) và tính năng cần thiết. #AutoFill #GiaiPhapDigital #SaaS #TiếtKiệmThờiGian

    reddit.com/r/SaaS/comments/1qo

  18. Chrome extension mới giúp tự động điền đơn đăng ký, hiệu quả cho việc xin việc. Chỉ cần tải CV một lần, công cụ sẽ tự động phân tích và điền thông tin đúng vị trí. Tác giả đang tìm kiếm phản hồi để hoàn thiện.

    #ChromeExtension #Autofill #SideProject #CôngCụ #CôngNghệ #Chrome #TựĐộngĐiền

    reddit.com/r/SideProject/comme

  19. 🚀 Mở rộng Chrome Auto Clicker & Auto Fill – 200K+ người dùng
    Tự động hóa click, điền form không cần code, hoạt động mượt trên website động. Gọn nhẹ, ổn định, dùng cho QA, nhập liệu, tác vụ lặp lại.
    Hiện đã mở nguồn một phần, đang phát triển tính năng AI hiểu DOM.
    #giao_dien #tien_ich #chrome_extension #automation #productivity #dev #AI #AutoFill #Tự_động_hóa #Mở_rộng_Trình_duyệt

    reddit.com/r/SideProject/comme

  20. Google Chrome's autofill just got a whole lot more... helpful? It's now remembering loyalty card numbers and travel details by integrating with Google Wallet. Are we leaning into convenience or teetering on the edge of TMI? What's your take?

    Read more: cnet.com/tech/mobile/google-ch

    #GoogleChrome #Autofill #Privacy #TechNews #GoogleWallet

  21. Chrome browser's new enhanced autofill can now store your driver’s licenses, passports and VINs - hands-free convenience or a big risk waiting to happen? Learn why experts say you should pause and think before saving. 🔒

    Read: hackread.com/google-chrome-aut

    #Chrome #Autofill #Cybersecurity #Privacy #Google #BrowserSecurity

  22. Chrome browser's new enhanced autofill can now store your driver’s licenses, passports and VINs - hands-free convenience or a big risk waiting to happen? Learn why experts say you should pause and think before saving. 🔒

    Read: hackread.com/google-chrome-aut

  23. Chrome browser's new enhanced autofill can now store your driver’s licenses, passports and VINs - hands-free convenience or a big risk waiting to happen? Learn why experts say you should pause and think before saving. 🔒

    Read: hackread.com/google-chrome-aut

    #Chrome #Autofill #Cybersecurity #Privacy #Google #BrowserSecurity

  24. Chrome browser's new enhanced autofill can now store your driver’s licenses, passports and VINs - hands-free convenience or a big risk waiting to happen? Learn why experts say you should pause and think before saving. 🔒

    Read: hackread.com/google-chrome-aut

    #Chrome #Autofill #Cybersecurity #Privacy #Google #BrowserSecurity

  25. Chrome browser's new enhanced autofill can now store your driver’s licenses, passports and VINs - hands-free convenience or a big risk waiting to happen? Learn why experts say you should pause and think before saving. 🔒

    Read: hackread.com/google-chrome-aut

    #Chrome #Autofill #Cybersecurity #Privacy #Google #BrowserSecurity

  26. Một tiện ích mở rộng Chrome đang được phát triển để tự động điền biểu mẫu Google và Microsoft. Ứng dụng này sẽ học các câu trả lời của người dùng và sử dụng AI để giải đáp các câu hỏi mở. Sẽ có phiên bản miễn phí và trả phí. Hiện tại, nhà phát triển đang thu thập email cho danh sách chờ.
    #TiệnÍchChrome #ĐiềnFormTựĐộng #AI #CôngNghệMới #ChromeExtension #AutoFill #AItools #SideProject

    reddit.com/r/SideProject/comme

  27. Chrome's latest feature: autofilling your passport, driver’s license, and VIN! Because nothing says 'secure' like having all your sensitive data just a click away. What could possibly go wrong? 🤔

    #TechNews #Privacy #Chrome #Autofill #Security

    techcrunch.com/2025/11/03/chro

  28. @tychotithonus : while Erik was writing a response, his account was suspended.

    If and once his appeal succeeds, he'll finish what he wrote and reply to you in public.

    Erik does not have a split personality. Everyone will have to take him as he is.

    @ErikvanStraten @DevaOnBreaches

    #UseAPasswordManager #UseAutoFill #PasswordManagers #AutoFill #DVcerts #FrancescaAlbaneseIsRight

  29. @tychotithonus : while Erik was writing a response, his account was suspended.

    If and once his appeal succeeds, he'll finish what he wrote and reply to you in public.

    Erik does not have a split personality. Everyone will have to take him as he is.

    @ErikvanStraten @DevaOnBreaches

    #UseAPasswordManager #UseAutoFill #PasswordManagers #AutoFill #DVcerts #FrancescaAlbaneseIsRight

  30. @tychotithonus : while Erik was writing a response, his account was suspended.

    If and once his appeal succeeds, he'll finish what he wrote and reply to you in public.

    Erik does not have a split personality. Everyone will have to take him as he is.

    @ErikvanStraten @DevaOnBreaches

    #UseAPasswordManager #UseAutoFill #PasswordManagers #AutoFill #DVcerts #FrancescaAlbaneseIsRight

  31. @tychotithonus : while Erik was writing a response, his account was suspended.

    If and once his appeal succeeds, he'll finish what he wrote and reply to you in public.

    Erik does not have a split personality. Everyone will have to take him as he is.

    @ErikvanStraten @DevaOnBreaches

    #UseAPasswordManager #UseAutoFill #PasswordManagers #AutoFill #DVcerts #FrancescaAlbaneseIsRight

  32. @tychotithonus : while Erik was writing a response, his account was suspended.

    If and once his appeal succeeds, he'll finish what he wrote and reply to you in public.

    Erik does not have a split personality. Everyone will have to take him as he is.

    @ErikvanStraten @DevaOnBreaches

    #UseAPasswordManager #UseAutoFill #PasswordManagers #AutoFill #DVcerts #FrancescaAlbaneseIsRight

  33. “The researcher tested his attack on certain versions of 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce, and found that all their browser-based variants could leak sensitive info under certain scenarios.”

    bleepingcomputer.com/news/secu

    #autofill

  34. “The researcher tested his attack on certain versions of 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce, and found that all their browser-based variants could leak sensitive info under certain scenarios.”

    bleepingcomputer.com/news/secu

    #autofill

  35. “The researcher tested his attack on certain versions of 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce, and found that all their browser-based variants could leak sensitive info under certain scenarios.”

    bleepingcomputer.com/news/secu

    #autofill

  36. “The researcher tested his attack on certain versions of 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce, and found that all their browser-based variants could leak sensitive info under certain scenarios.”

    bleepingcomputer.com/news/secu

    #autofill

  37. “The researcher tested his attack on certain versions of 1Password, Bitwarden, Enpass, iCloud Passwords, LastPass, and LogMeOnce, and found that all their browser-based variants could leak sensitive info under certain scenarios.”

    bleepingcomputer.com/news/secu

    #autofill