The authors study the security of popular password managers and their policies on automatically filling in web passwords. They examine browser built-in password managers, mobile password managers, and third-party managers, and observe significant differences in autofill policies among them. Several autofill policies can lead to disastrous consequences in which a remote network attacker can extract multiple passwords from the user's password manager without any interaction with the user. They experiment with these attacks and with techniques to enhance the security of password managers, and show that their enhancements can be adopted by existing managers.