Republic of Korea: Personal Information Protection Commission published guidelines on enhancing security of auto-login services in web browsers

On 12 February 2025, the Personal Information Protection Commission (PIPC) published a guideline for enhancing the security of auto-login services in web browsers. The guideline requires browser providers to strengthen encryption of stored account credentials by integrating additional security layers into existing encryption mechanisms and ensuring encryption keys are stored separately. It was highlighted that a review found that while browsers encrypt stored credentials, vulnerabilities could expose them to theft if a device is compromised. Additionally, many users rely solely on passwords without enabling multi-factor authentication (MFA). To mitigate risks, the PIPC urged users to activate MFA, including one-time passwords (OTP), and highlighted that it will work with browser providers to promote these security practices.