A quick search on Google shows how easy it is to find how to crack into a system by using a form on a website. To prevent misuse of data, websites have implemented various security measures like limiting the number of attempts of entering a password and not storing the password in clear text in case the data is being viewed by a third party. However, those measures may not be applicable to enterprises. In such cases, enterprises have an option of disabling the auto-completion feature on sensitive fields in their web forms. This may reduce the risk of data leakage to a certain extent. However, disabling the feature may lead to various issues, like users not being able to complete forms via mouse or touch, which is not a reliable method of completing a form in enterprise environments. In such cases, enterprises can disable the feature in favour of a more reliable option.
SecurID
- A Secure Browser for Enterprise
If a user is unable to use their mouse or touch to complete a form, enterprises can use a secure browser. The most commonly used secure browser is the SecurID browser. It is an extension that replaces the existing browser with one which does not support auto-completion or auto-fill. It acts as a barrier between passwords and keystrokes. In other words, even if the website has been compromised and the website’s administrator has authorized it to send data directly to servers without any encryption, SecurID will still prevent unauthorized parties from capturing that data. Additionally, this method prevents rogue employees from being able to view sensitive information in case they are using enterprises’ computers at work.
Auto-Completion on Sensitive Fields in Forms
While auto-completion on sensitive fields in forms is a helpful feature, sometimes it can become a security issue. For example, if the password field for a web form is enabled for autocomplete, it means that when users prefer to enter their password via mouse or touch, the password will be revealed to anybody who happens to view the website. This is not a reliable option in enterprise environments where data must remain private and confidential.
As an alternative, enterprises can disable auto-completion on sensitive fields in forms and use one of the following options:
1. Use keyboard shortcuts like CTRL+SPACEBAR instead of using the mouse or touch input to complete a field
2. Have users complete forms via text boxes which are visible only when they are being edited so that no other user can view them without editing the form themselves
3. Use HTML5 input types which allow users to create custom inputs with unique attributes like required fields which cannot be changed by any other user
Disable Form Auto-Completion in Office 365
If you are using Office 365, it is easy to disable the auto-completion feature from within the admin console. You can do this by heading over to the Security & Compliance section and then clicking on the Forms tab. In here, click on the Configure Auto-completion Settings link under Default Settings.
The options given in this section allow you to specify when a form should show auto-completion functionality and also allows you to specify which fields should be available for auto-completer functionality. That way, if your forms have important data that cannot be left unprotected, you can select only those fields that are critical and disable the rest of them.
Alternatively, you can also completely disable auto-completion altogether by selecting Never Enable Auto-Completer under Auto-Complete Options. This will make all fields in your web forms inaccessible for auto-completer functionality. For example, if your website does not require any password input and there is no sensitive information in any field at all, disabling auto-complete functionality will not hamper users from completing your web forms with their mouse or touch inputs.
Disable Autocomplete on Login Forms
If a website has implemented a password strength indicator on their login forms, that feature can also be disabled. What’s interesting is that the feature doesn’t store the passwords in clear text. Thus, if a website has an option to disable this feature, there is no need for companies to worry about data leakage. For example, Google allows users to disable autocomplete on login forms by clicking on ‘Show Passwords’ from the options given when logging into a Google account. It may not be quick or easy for enterprise customers to navigate around and disable autocomplete on login forms because they might not have that power. However, there are various other methods of completing login forms which are more reliable than auto-completing them via mouse or touch. Think about how you complete your form: Do you use a mouse? Is it easier for you to complete your form with your hands? If so, what do you use your mouse for? If not, what is your preferred method of completing the form?
Timeline
Published on: 10/17/2022 16:15:00 UTC
Last modified on: 10/19/2022 14:59:00 UTC