
Autofill abuse of web logins - herodotus
https://senglehardt.com/demo/no_boundaries/loginmanager/index.html
======
pmontra
The best protection against this kind of attacks is disable autofill in the
browser and use a password manager, best if an offline one.

I always disabled autofill in every single browser since the dawn of the web
because it looked like a bad idea and a potential source of troubles. Storing
sensitive information in a piece of software which is directly exposed to the
world and also letting everybody with access to my keyboard connect to every
site as me? No, thanks.

