Wednesday, August 20, 2008

Security And The Auto Complete Feature

by: Scott Lindsay

The security of your computer is important on both private as well as business applications.

Many have found the use of the auto complete features associated with many browsers a popular way to avoid keystrokes. After all what could be more convenient than simply filling in a form for informational purposes and allow that saved information to be brought up with a single click?

The auto complete feature is especially popular with email programs. You simply type a few letters related to the email address and if it is in your system you may receive multiple choices that include those letters. You choose the correct email address and click send. The process is quick and has found many appreciative users.

Even word processors can use auto complete technology. For instance if you begin to type today’s date you may find a suggested date that you simply click saving some typing time. Many have come to rely on the feature to make checkout in ecommerce quick and painless.

I’d like to provide an argument for refraining from using some auto complete technology in the world of online business.

The use of this technology in a word processor is generally a great tool simply because it does not rely on any personal data and is primarily designed to assist in popular words, dates and letter writing.

However, when it comes to filling in a one-click web browser auto complete feature there are a couple of scenarios I’d like you to consider.

Barb owns a small, but growing online business. She hired Pam on a part time basis to help with product fulfillment. Pam was a good worker and was allowed to use the company computer from time to time. Without intending to do so Pam clicked a box that filled in auto complete data and she was able to view personal data that Barb might not have shared with Pam under other circumstances. Perhaps nothing ever happens with the data, but if Barb had to do it over again she may not have used auto complete.

Brian is a hacker. He doesn’t consider himself malicious although his actions may say otherwise. He tries to find ways into other computers to explore the holes that may exist in a system. As he is exploring one afternoon he found a vulnerability in Barb’s computer security. One of the pieces of data Brian may be looking for is to see if Barb has used an auto complete feature. He can gain plenty of information and has the potential to gain password information because Barb settled for convenience over caution.

Barb would never have given out this information to just anyone, yet more than one person has access to her computer and this information was easily obtained.

Many businesses are also disabling the ability for their computers to store and remember passwords. If a site is accessed where a password is stored it becomes very easy for a third party to investigate online accounts, buying habits and potentially make an online purchase under your name and using your credit information.

It may seem a small thing, but evaluating your use of auto complete technology may be an issue worth your attention.

No comments:

Post a Comment