US Patent 11768955 Mitigating insecure digital storage of sensitive information

Examples described herein attempt to mitigate risk associated with digitally storing sensitive information (e.g., passwords) in insecure applications and transferring the stored sensitive information to a sensitive information field (e.g., a password field in a login page). A computing device may detect a transfer to a sensitive field. The computing device may determine if a source application for the transfer is an insecure application. If the source application is an insecure application, the computing device may provide a risk mitigation action. The computing device may also transmit to an analytic server telemetry data comprising the identification of the source application, identification of a target application containing the sensitive information field, and a username associated with the computing device. The analytic server may calculate risk score based on the received telemetry data and provide further risk mitigation actions to the computing device.