Leaking Passwords through the Spellchecker ,protected with 1Password ?

StJust
StJust
Community Member
edited October 2022 in 1Password in the Browser

in case you didn't read it
___Sometimes browser spellcheckers leak passwords:

When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled.

Depending on the website you visit, the form data may itself include PII­—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.

The solution is to only use the spellchecker options that keep the data on your computer—and don’t send it into the cloud.____
https://schneier.com/blog/archives/2022/09/leaking-passwords-through-the-spellchecker.html

in the comments:

_It’s good that some of the companies contacted about “Spell-Jacking” responded with mitigations.

In LastPass’ case, the remedy was reached by adding a simple HTML attribute spellcheck=”false” to the password field_

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

This discussion has been closed.