This article needs additional citations for verification. (November 2022)
Autofill is a function found in some computer applications or programs, typically those containing forms, which prefills a field automatically and can save a user time.
Autofill is frequently found in web browsers, used to fill in web forms automatically. When a user inputs data into a form and subsequently submits it, the web browser will often save the form's contents by default.
However, when a password field is detected, the web browser will typically ask the user for explicit confirmation before saving the password in its password store, often secured with a built-in password manager to allow the use of a "master password" before credentials can be autofilled.
Most of the time, such as in Internet Explorer and Google Toolbar, the entries depend on the form field's name, so as to not enter street names in a last name field or vice versa. For this use, proposed names for such form fields, in earlier HTML 5 specifications this RFC is no longer referenced, thus leaving the selection of names up to each browser's implementation.
An individual webpage may enable or disable browser autofill by default. This is done in HTML with the
autocomplete attribute in a
<form> element or its corresponding form elements.
<!-- Autocomplete turned off by default --> <form autocomplete="off"> <!-- This form element has autocomplete turned on --> <input name="username" autocomplete="on"> <!-- While this one inherits its parent form's value --> <input name="password" type="password"> </form>
It has been shown that the autofill feature of modern browsers can be exploited in a phishing attack with the use of hidden form fields, which allows personal information such as the user's phone number to be collected.
- "Password Manager - Remember, delete and edit logins and passwords in Firefox". Firefox Support.
- "Autofill: What web devs should know, but don't". Cloud Four.
- "Browser Autofill Profiles Can Be Abused for Phishing Attacks". Bleeping Computer.