Examples described herein attempt to mitigate risk associated with digitally storing sensitive information (e.g., passwords) in insecure applications and transferring the stored sensitive information to a sensitive information field (e.g., a password field in a login page). A computing device may detect a transfer to a sensitive field. The computing device may determine if a source application for the transfer is an insecure application. If the source application is an insecure application, the computing device may provide a risk mitigation action. The computing device may also transmit to an analytic server telemetry data comprising the identification of the source application, identification of a target application containing the sensitive information field, and a username associated with the computing device. The analytic server may calculate risk score based on the received telemetry data and provide further risk mitigation actions to the computing device.