Security risk/Brave always saving usernames and login IDs

Hopefully I have the bases covered. I believe there is a security risk with latest version of Brave, which I run on Win 7:
Version 1.31.91 Chromium: 95.0.4638.69 (Official Build) (64-bit)

I have set Brave to never auto sign-in but it does anyway, saving my username which I absolutely do NOT want to do, esp with a banking or investments site. Sometimes it prefills and sometimes not, with no changes in settings. Is this a bug? I cannot believe that this sort of thing is normal, especially on so important a topic. Please let me know how to stop this from occurring!

Best regards -
Rob

2 Likes

I recommend disabling autofill of all types, if you haven’t already.

If you are running Windows 7 you may have a lot bigger security issues.

But setting that aside, saving and auto-filling the username isn’t the same as signing into a web site. Are you saying you are being logged in automatically or is it just pre-filling the form field for you? And just for username, or for password also?

Also note that the data for this are stored locally so it shouldn’t be getting sent anyplace until you submit the form.

It should not save un in ANY case. Why havent people taken issue with this? Remember that a UN is simply one of two passwords. What is the point of security if someone can sit down at your laptop and begin typing letters in the UN field until it pops up a prefill choice. This is poor design and the autofill setting being off obviouslynis not working, at least with this ver on Win7. Needs fixing.

FWIW, I’m on Win7 and not having this problem.
I’m also configured to clear cookies on exit.

A site may save information you entered in a cookie and pre-fill something with it later. This is separate from autofill.

Because I clear cookies on exit, I only see this if I go back to the site within the same session. If you’re a total security paranoid like me, clear cookies on exit.

BTW, this is not a Brave peculiarity, and I handle it the same on other browsers I use.

Not sure on that. My bank says they would never set a user to autofill, for obvious reasons. So it must be the browser since its set to never save login info. You never get autofill when putting in your username? I will try another browser if necessary because this is a big deal…hate to lose Brave tho.

You can disable auto-fill and there is an option under the Clear browsing data tool to erase auto-fill entries.
But it will be useless if you’re using a password manager extension.

It’s not “autofill” just a session cookie.

I dont think the bank would want to store and reuse login ids in a cookie or cache memory.

You can check your bank’s website cookies expiration date.

The cookie is how they know you are still logged on between clicks, but it is supposed to expire eventually. There is no other way

There is no constant “connection” like with a telephone.

Why not delete cookies on exit (like I do).

I guess I am not clear. Cookies dont matter. Brave settings dont matter. My login ID comes up everytime and every scenario. I will confirm with bank that they are not doing this, which would amaze me. Ya’ll know how tough financial institutions make it to connect, which is understandable. Thanks.