Auto-Apply on Naukri & LinkedIn Without Sharing Your Password

A reader emailed me last week. She had been job hunting for six weeks, sent maybe forty applications total, and decided to try auto-apply tools to push that to forty a day. She tried five products. Every one asked for her LinkedIn password. She does not have a LinkedIn password. She signs in with Google.

That is not an edge case. A large share of Indian LinkedIn users sign up through Google, and Naukri has accepted Google sign-in for years. For all of them, every password-based auto-apply tool hits the same wall: “enter your password to continue.” There is no password to enter.

We shipped the fix for this. ApplyCove’s extension captures your existing browser session and hands it to your account, encrypted. Your portal password never gets typed into ApplyCove, because there is nothing to type. Here is how it works and why it is the safe option, not the scary one.

The sign-in problem nobody designs for

Auto-apply tools went password-only because it is the easy path. To log in on a server, you need credentials, so the default is: ask the user, store the password, replay it later. That model quietly excludes three groups.

1. Google sign-in users. They never set a portal password. There is nothing to share.
2. 2FA users. A password alone will not get the server in, and the server cannot read the SMS code off your phone.
3. Security-minded users. They are not going to hand a third-party SaaS the password they reuse across other sites.

The first group is locked out entirely. The second hits brittle “wait for OTP” flows that fail constantly. The third never signs up. Together that is most of the people who would actually benefit.

Why the existing options fall short

• Password-required SaaS tools (most of them) run automation on their servers using your stored password. Fine for the password-only minority, useless for everyone else.
• In-page scrapers install an extension that clicks around inside your own Naukri or LinkedIn tab. No password needed, but they touch the page, which is exactly what portal anti-automation is built to detect, and they cannot run while the tab is in the background, so you have to keep it open and watch it.
• Desktop apps drive a local browser with Selenium. Slow, fragile across Chrome updates, RAM-hungry, and poorly isolated from everything else on your machine.

None of those work for someone who signs in with Google and wants applications to keep flowing while they sleep.

How the ApplyCove extension works

The extension does exactly one thing: it reads your existing session and uploads it, encrypted, to your account.

1. Install the extension from the Chrome Web Store.
2. Log in to Naukri or LinkedIn the way you already do. Google, magic link, password, OTP, it does not matter.
3. Open the ApplyCove popup and click Sync. The extension reads the session cookies via the standard chrome.cookies API and localStorage from your open portal tab.
4. That session is AES-256 encrypted in your browser, then uploaded.
5. The job worker uses it to log in on isolated infrastructure and start applying. You watch the live session in your dashboard.

The extension never clicks anything on a portal page, fills a form, or changes content. It reads what your browser already stores and hands it to your account. The applying itself runs server-side, at human pace, the way it always has.

The security model, plainly

Session cookies are bearer tokens: anyone holding a valid one can act as you, which is exactly why the OWASP Session Management Cheat Sheet treats them as sensitive as credentials. So we do too.

• Encrypted in transit over TLS, and encrypted at rest with AES-256-GCM on every session blob.
• Decrypted only in memory, only during an active session, on an isolated worker, never written to disk.
• One-click delete. Settings, Connected Accounts, Disconnect wipes the blob immediately.
• Never sold or shared. It only ever goes to your own worker session.

Here is the honest framing, and it is the opinion I will stand behind: this is safer than the password model, not riskier. Your password never enters our system, so it cannot leak from it. The worst case if our database were breached tomorrow is the same surface area as your browser cookies leaking, which is a risk you already live with by being logged in. The full data-handling policy is at /extension-privacy, and the extension is upfront about its permissions: cookies, scripting, tabs, notifications, nothing more.

Install in under a minute

1. Install the extension from the Chrome Web Store and pin it.
2. Sign in to ApplyCove in the popup (it auto-detects an existing session in the same browser).
3. Log in to the portal in any tab, return to the popup, click Sync now. The row updates to “Synced just now”. Repeat for the other portal.

From there, every scheduled session uses the synced session to log in. When it eventually expires, the dashboard flags it and you click Sync again. No password, ever.

Who this is for

If you sign in with Google, this is the first auto-apply product you can actually use, with no “create a password just for this tool” workaround. If you use 2FA, the session is captured after the 2FA step, so there is no flaky OTP-wait to fail. And if you are simply careful about your data, there is finally a version of this that does not ask you to trust a SaaS with a reused password.

The Chrome extension is the only way to connect a platform on ApplyCove, because we do not accept passwords for Naukri or LinkedIn. If you are new here, start with a free plan and install the Chrome extension. For the specifics per platform, see the Naukri auto apply tool and LinkedIn Easy Apply automation pages.