Print This Issue

One Step Ahead
December 18, 2007, Volume 54, No. 16

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Asking Your Web Browser to “Remember” You: 
A Dangerous Idea

This time of year, you may be doing more online shopping than ever.  And, when visiting many major web sites, you may be prompted to save your username and password to make future visits more convenient. Do not check the “remember me” box or similar function—especially at public or shared computers—because if you do, you create an unnecessary privacy and security risk. 

Remember that websites prompting you to save your password often hold other information such as your address, e-mail, phone number, and maybe even credit card or other financial data.  If you save your password in your browser, anyone who accesses your computer can use the stored password to obtain your private information and use it to commit fraud or theft.  Also, stored passwords can be stolen by viruses and worms.

Needless to say, you should also never save your PennKey password, or passwords for other University systems, in your browser, since this would put Penn data at risk for unauthorized access and use. 

Here is how you can remove stored passwords from your web browser:

Mozilla/Netscape 7.x: First, click on the “Tools” menu, choose “Password Manager,” then choose “Manage Stored Passwords.” You should see a list of sites for which you have chosen to store a password. You can look through the sites one by one until you find the site/password you wish to remove or you can simply click “Remove All.”

Internet Explorer: Go to Tools, Internet Options, Content, Personal Information, AutoComplete. Make sure AutoComplete is not enabled for “Forms” or “User names and passwords on forms.”

On OS X, from the Explorer Menu, select Preferences, Network, Site Passwords, and manage your passwords from there.

Firefox: From the Tools menu, choose Options. Click Privacy on the left. Make sure “Remember Passwords” is unchecked under Saved Passwords. Click Clear to delete all saved passwords. Alternatively, click View Saved Passwords to remove.

Safari: From the Safari menu, choose Preferences. Click the Autofill tab. Click the Edit button next to Usernames and Passwords, and manage your passwords from there.
If you have questions regarding the above contact security@isc.upenn.edu.


To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - December 18, 2007, Volume 54, No. 16