Browser beta

Passwords and forms

In the browser settings, you can manage parameters for saving passwords and Autofill:

  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, set the desired parameters.

Autofill settings

You may find yourself entering basic personal information on websites quite often. The Autofill function is enabled in Yandex.Browser by default so that the information is entered automatically:

  • The first time you enter personal information, the browser saves your name, mailing address, email address, telephone number, and other data, so that in the future you can fill in the corresponding boxes using a single click.
  • The next time you enter information, you see a list of previously saved texts for Autofill (text boxes with Autofill are yellow in the browser).

When entering a bank card number, the browser asks if this information should be remembered. If you give permission to save a bank card number, in the future the browser will enter it automatically when necessary. If you are not the only person who uses this computer and browser, we recommend that you not save information about your card.

Note. Addresses from your address book are used for Autofill in the version for Mac OS. If you do not want to use this feature, uncheck the option Include addresses from my address book.

Turn Autofill off or on
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, enable or disable the Enable Autofill to fill out web forms in a single click option.
Create a new entry in Autofill
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, click the Manage Autofill settings button.

  4. Click Add new street address or Add new credit card.
Change an entry in Autofill
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, click the Manage Autofill settings button.

  4. Click the button
    [no-highlight[

    It appears when moving the mouse to the bar with the site‘s address

    ]no-highlight]
     Edit or double-click the entry.
  5. Make changes.
Delete an entry from Autofill
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, click the Manage Autofill settings button.

  4. Click the icon
    [no-highlight[

    It appears when moving the mouse to the bar with the site‘s address

    ]no-highlight]
      in the right part of the row with the entry.

Tip. You can easily delete any of the suggested options for Autofill. To do this, select it in the list and press Shift + Del.

Delete all personal data from the Autofill list
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      AdvancedClear history.
  2. In the Obliterate the following items from: list, select the beginning of time.

  3. Turn on the autofill form data option. If you only want to delete Autofill data while keeping the remaining data, turn off the other options.
  4. Click Clear browsing data.

Tip. To open the Clear browsing history window, press the keyboard shortcut Ctrl + Shift + Del (Windows) or + Shift + Del (Mac OS).

Managing passwords

When you enter your password on a website, the browser offers to save it for you. For future visits to this site, your saved password will be entered for you automatically.

If you choose the option Never for this site, the password is not saved, and the browser will not offer to save it again for this website.

View the list of sites with saved and unsaved passwords
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, click the Manage passwords button.

Delete a site from the list of sites with saved passwords
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, click the Manage passwords button.

  4. Click the icon
    [no-highlight[

    It appears when moving the mouse to the bar with the site‘s address

    ]no-highlight]
      to the right of the site's name.

Password phishing protection

Yandex.Browser applies additional password protection against:

  • Phishing. Hackers can create websites that look very similar to real ones . The user believes that this is a familiar website and enters a password. The malicious user gets the password and can use it to steal personal data or money.
  • Identical passwords. This is a serious security threat. By getting the password to one account, an attacker can gain access to all the other accounts.

    For example, if you use the same password for your online bank and for an online store, employees of the online store, unknown to you, can get access to your personal bank account.

    It is particularly dangerous to use the same password for HTTPS and HTTP websites. A password on an HTTP website is transmitted unencrypted and can be easily stolen by hackers, who can use it on an HTTP website to steal personal data or money.

Note. Yandex.Browser protects passwords on popular websites such as VK or Mail.ru. The browser makes a list of important websites, but you can add websites you need (for example, a website where you make online payments).
How this protection works

After you enter a password for an important website, the browser will create its fingerprint (hash) and save it in its database. When you enter passwords on other websites, the browser will compare their hashes with the database. If a match is found, before sending a password to the server the browser will ask you to confirm that you want to use the same password on several websites:

Adding a website to secured sites
  1. Right-click on the website page.
  2. In the context menu, select View Page Info. A window will appear on the screen listing all permissions for this page.
  3. Select Password phishing protection.
Disable protection
Attention! This is not recommended, as it will be easier for malicious users to access your personal information.
  1. Click the button
    [no-highlight[

    In the top right corner of the browser window

    ]no-highlight]
      Settings.
  2. In the lower part of the Settings page, click the Show advanced settings button.

  3. In the Passwords and forms section, clear the option Enable phishing protection.
  4. You can also delete all password hashes. To do this click Clear data.

Password hashing in Yandex.Browser

Passwords for important sites are saved by Yandex.Browser as hashes. Because passwords are not stored as plain text, malicious users will not be able to get access to your personal information even if they steal the password database.

Cryptographic hashing helps transform a password into a unique character sequence that can be easily used for password identification, but it is practically impossible to restore an original password using it. For example, the string “hello” after hashing can be transformed into the sequence “2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824”.

Yandex.Browser uses the SCrypt algorithm for hashing. This algorithm generates a hash using not only the central processor, but also multiple read/write operations in the memory. Such an approach makes it difficult to crack passwords, so as an example, a hacker will not be able to speed up brute force hacking using the video card processor. The SCrypt algorithm is used, for example, in LiteCoin crypto currency.

As a result, it will take a malicious user more than 100 years to match a six-digit password, including uppercase letters, lowercase letters, numbers, and special characters.

storing website passwords
password management
prohibit storing passwords
Autofill
turn off Autofill