Many modern browsers and browser plugins have features that automatically fill in user passwords without user involvement, saving them in the browser or in the cloud. From a security standpoint, we recommend disabling these types of features in your environment.
Automatic Auto-Fill can retrieve and input passwords without any human interaction (i.e. a human first initiating the action and selecting the target field).
In its place we recommend using Auto-Type, which can be used with the macOS client and KeePass for Pleasant Password Server. Auto-Type requires user input to place credentials in a field, rather than doing so automatically in a field which may be compromised or spoofed.
The potential security concerns with enabling Automatic Auto-Fill are:
Possible methods of reducing risk to your organization:
Consider locking down browser settings & plugins for your organization:
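One way to verify such a lockdown, as an added example that is not part of the original page: a Python check of a managed browser policy file for the built-in password manager and for a default block on extensions. It assumes Chrome/Chromium and Firefox enterprise policy files and uses their documented policy names; the sample files are constructed.

```python
import json

# Constructed sample policy files (not from the original page).
CHROMIUM_SAMPLE = '{"PasswordManagerEnabled": true, "ExtensionInstallBlocklist": ["*"]}'
FIREFOX_SAMPLE = '''{"policies": {"PasswordManagerEnabled": false,
  "OfferToSaveLogins": false,
  "ExtensionSettings": {"*": {"installation_mode": "blocked"}}}}'''

# Boolean policies that must be explicitly false so the built-in password
# manager can neither save nor fill credentials.
MUST_BE_FALSE = {
    "chromium": ["PasswordManagerEnabled"],
    "firefox": ["PasswordManagerEnabled", "OfferToSaveLogins"],
}

def extensions_default_blocked(browser, settings):
    """True when extensions are blocked unless explicitly allowed."""
    if browser == "chromium":
        return "*" in settings.get("ExtensionInstallBlocklist", [])
    default = settings.get("ExtensionSettings", {}).get("*", {})
    return default.get("installation_mode") == "blocked"

def audit_policy(browser, policy_text):
    """Return a list of (policy, problem) findings for one policy file."""
    doc = json.loads(policy_text)
    # Firefox nests settings under "policies"; Chromium policy files are flat.
    settings = doc.get("policies", {}) if browser == "firefox" else doc
    findings = []
    for key in MUST_BE_FALSE[browser]:
        if key not in settings:
            findings.append((key, "not set, left to the user"))
        elif settings[key] is not False:
            findings.append((key, "set to %r" % (settings[key],)))
    if not extensions_default_blocked(browser, settings):
        findings.append(("extensions", "no default block on password-filling plugins"))
    return findings

if __name__ == "__main__":
    for name, text in (("chromium", CHROMIUM_SAMPLE), ("firefox", FIREFOX_SAMPLE)):
        print(name, audit_policy(name, text) or "locked down")
```

An empty findings list means the file both disables the built-in password manager and blocks extensions by default; an unset policy is reported because it leaves the choice to the user.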
Recent Industry References: