The Personal Information Protection Commission announced on the 13th that it has decided to enhance the security of the 'auto-login' feature in major internet browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox.
The auto-login feature lets users log in once and then have their username and password entered automatically, enabling access without a separate authentication process. However, alongside this convenience, concerns have been raised about the risk of personal information theft.
In response, the commission has inspected security measures in major browsers in collaboration with the Korea Internet & Security Agency (KISA) since May of last year, finding that while all browsers stored account information in an encrypted format, there is a possibility that the encryption could be compromised in the event of hacking or other attacks.
In particular, security vulnerabilities were identified because browsers store account information on servers so that users can use the auto-login feature on PCs or smartphones. It was also confirmed that the majority of users log in using only their username and password, without setting up additional authentication methods such as one-time passwords (OTPs).
Accordingly, the commission decided to collaborate with browser providers to improve the auto-login feature. First, it plans to enhance security by linking additional information to the existing encryption methods provided by the operating system (OS), and to adopt a method of storing encrypted account information separately from encryption keys.
Furthermore, the importance of users' security awareness was emphasized. According to the commission, less than 10% of users have set up additional authentication methods such as OTPs.
In this regard, the commission noted, "Users should actively utilize additional authentication methods such as OTPs when logging in," adding, "This measure will enable users of major browsers around the world, not just in Korea, to use the auto-login feature more securely."