Is it safe to store passwords in your web browser?

The Boss

PC

Is it safe to store passwords in your web browser?

browser, Chromium, Firefox, Google, Navigator, password managers, passwords, safe, save passwords, store, the Internet, web, Web browser

Safety and comfort are often at opposite extremes, so greater safety often comes with major drawbacks.

Passwords are a great example. On the convenience side, we have the ability to use the same password for everything from your bank’s website to a gardening forum and everything in between. And the best thing is that you can also use the same email address or username for all these accounts and thus have only one login to remember.

At the other extreme, that of maximum security, we find a different situation, in which each account is protected by a unique and complex password, and perhaps also by multi-factor authentication.

You probably already know that it’s not a good idea to use the same password for everything and try to use a different one for different websites and accounts. Since it is not possible to remember all of them, nor the password and username associated with each account, there are password managers.

Web browsers often have built-in password managers, but we don’t consider them as secure as using a dedicated password manager like Bitwarden or LastPass.

However, using a web browser’s password manager is still better than using the same password for everything, and there are certainly practical benefits. These are some of the benefits to consider.

1. It is already installed

If you use, for example, Chrome or Firefox, their built-in password managers are waiting to be used. No need to install Software additional or paying because they are free.

2. They work on all your devices

As long as you’re not using some weird browser that doesn’t offer desktop and mobile versions, the credentials you save in the browser will be available on any other device you use with the same browser. You’ll need to log in and enable the “sync” option for this to work, but that’s another plus.

3. They automatically generate strong passwords

Modern browsers suggest a complex password when creating a new account or changing an existing password. This avoids the temptation to reuse existing passwords.

4. Fill in access data automatically

When you visit a website, the browser automatically fills in your username and password so you don’t have to search and type them. It’s no different from standalone password managers, but it’s very handy.

But browser password managers aren’t necessarily the most secure option. Here we explain why.

1. They’re not as secure as dedicated password managers

Take Google’s password manager, built into Chrome, for example, because Chrome is by far the most popular web browser. That’s pretty good, but it doesn’t protect your passwords as well as it claims.

Unlike most dedicated password managers, Chrome doesn’t use a master password to encrypt all of your logins. (Note that some browsers use this and are therefore more secure, although you should always trust your browser provider.)

This makes your stored passwords in Chrome relatively weak against “local” attacks. For example, if someone knows you well and gets (or guesses) your Windows password, they can see all the logins stored in your browser’s password manager.

However, they don’t know your Windows password because you can walk away from your laptop or PC and leave it unattended. They can zoom in, access Chrome settings, and see all stored connections.

Passwords are erased, yes, but usernames and associated websites are not. They can visit any of these sites and sign in using Chrome’s autofill feature.

If you’re really smart, you can press F12 and use your browser’s dev console to remove the type=”password” code on the login page. This removes annoying whitespace characters and displays the password in all its glory.

2. The security of all your accounts is linked to that of your browser

Another risk is if you use the sync option to make these connections available on all your devices. This means that they are stored in the cloud and, even though they are encrypted, if anyone gets to hack your browser account, it will have access to all your identifiers.

So, if you are going to use their password manager and sync them across all devices, you must use two-factor authentication on your browser account.

Likewise, those stored credentials (and those of anyone else using the same browser password manager) could be stolen from a To hack and potentially decrypted.

3. Switching to other password managers isn’t always easy

If almacena cientos de inicios de sesión en el gestor de contraseñas de su navegador y luego decide cambiar de navegador o utilizar un gestor de contraseñas dedicado (que es lo que debería haber hecho en primer lugar, por supuesto), podría discover que no es tan easy.

There may be an export option, but it may not generate a file compatible with the browser or password manager you want to switch to.

Password managers themselves have their own pros and cons, of course. You may have to pay for one, and it may not be as easy and convenient as a browser password manager.

However, one of the advantages they have (besides being more secure due to the use of the master password) is that they can usually autofill login credentials outside of a browser. . This is especially useful on mobile devices for logging into apps.

They can also store more than just passwords. You can include notes with credentials or store other sensitive information, such as your passport details. A browser password manager won’t.

Leave a Comment