You’re sick of hearing this. The exhortations didn’t work in 2013 and they’re not going to work now. Sure. But the truth is that you need a password manager, and it’s worth it to take the time to set one up. At this point, even their shortcomings prove how vital they are.
Research published last week through Princeton’s Center for Information Technology Policy highlights a problematic feature in many browser-based password storage tools that’s actually being exploited by online advertising and tracking firms in practice. The issue is “autofilling,” whereby you store your usernames and passwords with your browser so it can fill in and submit those fields instantly on your behalf. This is convenient for safe sites, but has never been ideal security hygiene. Especially now that researchers have found third-party scripts built to prey on the autofill feature, harvesting email addresses for advertising and user tracking.
“Sometimes you find