• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Other people's username password combos being saved

M

Mark Ingram

Flightless Bird
Hi,

A user in a 20 user office has two frequently used websites that store
username/password combos (as well as other data) of other users in the
office. The users all have their own domain user accounts and their own
computers.

What needs to happen to prevent other user's data from being
saved/pre-populating those fields?

Thank you,

Mark
 
V

VanguardLH

Flightless Bird
Mark Ingram wrote:

> Hi,
>
> A user in a 20 user office has two frequently used websites that store
> username/password combos (as well as other data) of other users in the
> office. The users all have their own domain user accounts and their own
> computers.
>
> What needs to happen to prevent other user's data from being
> saved/pre-populating those fields?
>
> Thank you,
>
> Mark


Why aren't these users logging under their own separate Windows account?
Even if they go wandering around to use other hosts, roaming profiles still
has them logging under their own domain account. Stop sharing accounts.
 
M

Mark Ingram

Flightless Bird
Hi VanguardLH,

Thanks for your reply. As I mentioned, "the users all have their own domain
accounts and their own computers".

Any ideas?



"VanguardLH" wrote:

> Mark Ingram wrote:
>
> > Hi,
> >
> > A user in a 20 user office has two frequently used websites that store
> > username/password combos (as well as other data) of other users in the
> > office. The users all have their own domain user accounts and their own
> > computers.
> >
> > What needs to happen to prevent other user's data from being
> > saved/pre-populating those fields?
> >
> > Thank you,
> >
> > Mark

>
> Why aren't these users logging under their own separate Windows account?
> Even if they go wandering around to use other hosts, roaming profiles still
> has them logging under their own domain account. Stop sharing accounts.
> .
>
 
V

VanguardLH

Flightless Bird
Mark Ingram wrote:

> "VanguardLH" wrote:
>
>> Mark Ingram wrote:
>>
>>> A user in a 20 user office has two frequently used websites that store
>>> username/password combos (as well as other data) of other users in the
>>> office. The users all have their own domain user accounts and their own
>>> computers.
>>>
>>> What needs to happen to prevent other user's data from being
>>> saved/pre-populating those fields?

>>
>> Why aren't these users logging under their own separate Windows account?
>> Even if they go wandering around to use other hosts, roaming profiles still
>> has them logging under their own domain account. Stop sharing accounts.

>
> Thanks for your reply. As I mentioned, "the users all have their own domain
> accounts and their own computers".


"A user in a 20 user office has two frequently used websites that store
username/password combos (as well as other data) of other users in the
office"

From that description, you need to act against this user and eliminate their
malware that is stealing login credentials. You have a hacking user
violating the privacy of other users and the company by somehow acquiring
their login credentials (perhaps using a keylogger) and uploading that data
to an off-domain website (so they can do a lookup as they wander around to
the various compromised hosts). As he wanders around breaking into these
hosts, the login credentials he reenters in the login fields of the web
browser are getting saved because the users of those host configured their
web browser to save the login credentials (i.e., the user enabled their web
browser's auto-complete function).

You will need to cleanup the infected hosts. You will need to take action
(termination, legal, or both) against this violative employee.
 
M

Mark Ingram

Flightless Bird
Hi Vanguard,

Perhaps I didn't explain things properly. She has absolutely no
self-interest in having another agent's info pre-populate fields in her
browser. She has to type over those fields every time she accesses these
vendor websites.

All she wants is for her info to populate these fields.

Thanks for any insight,

Mark

"VanguardLH" wrote:

> Mark Ingram wrote:
>
> > "VanguardLH" wrote:
> >
> >> Mark Ingram wrote:
> >>
> >>> A user in a 20 user office has two frequently used websites that store
> >>> username/password combos (as well as other data) of other users in the
> >>> office. The users all have their own domain user accounts and their own
> >>> computers.
> >>>
> >>> What needs to happen to prevent other user's data from being
> >>> saved/pre-populating those fields?
> >>
> >> Why aren't these users logging under their own separate Windows account?
> >> Even if they go wandering around to use other hosts, roaming profiles still
> >> has them logging under their own domain account. Stop sharing accounts.

> >
> > Thanks for your reply. As I mentioned, "the users all have their own domain
> > accounts and their own computers".

>
> "A user in a 20 user office has two frequently used websites that store
> username/password combos (as well as other data) of other users in the
> office"
>
> From that description, you need to act against this user and eliminate their
> malware that is stealing login credentials. You have a hacking user
> violating the privacy of other users and the company by somehow acquiring
> their login credentials (perhaps using a keylogger) and uploading that data
> to an off-domain website (so they can do a lookup as they wander around to
> the various compromised hosts). As he wanders around breaking into these
> hosts, the login credentials he reenters in the login fields of the web
> browser are getting saved because the users of those host configured their
> web browser to save the login credentials (i.e., the user enabled their web
> browser's auto-complete function).
>
> You will need to cleanup the infected hosts. You will need to take action
> (termination, legal, or both) against this violative employee.
 
Top