After last-month’s warning about a blackmail password scam, you should know by now that having unique passwords for everything along with two-factor-authentication will put you on the right path to secure your accounts. But the question came up: what about using your web browser’s built-in password-remembering functionality? Is it a good idea? In a word, no.
While it may sounds nice to have your browser remember passwords for you, it’s not nearly as safe as using a dedicated password manager that is built for that purpose. For some browsers (especially older versions), there are openings for hackers to get at that data:
- Chrome: When a user is logged into their Google account (which happens fairly easily in new versions), Chrome will automatically save any passwords that user inputs. If somebody is able to gain access to that Google account, the entire list of passwords would be available to them via a web site. Even if the account isn’t logged in, there are tools to extract the passwords.
- Firefox: Firefox hides a user’s passwords utilizing low-level encryption, utilizing a single master password as the encryption key. However, because this encryption has such a low level, a brute force attack can break it. If someone is in possession of the device itself, they can access the passwords without having to log in, using tools like this.
- Internet Explorer: When Internet Explorer saves passwords, all it takes to expose them is a readily available tool. Here is one example.
Long story short, it’s best that you don’t use the browser’s built-in password saving features. While dedicated services like LastPass and 1Password aren’t perfect, they’re far better built for this type of thing, use much stronger encryption and are much safer than using the browser’s functions. So it’s best to turn them off:
- Google Chrome – Under the toolbar, select the menu and go into Settings. Scroll down until you can select Advanced, and from there, select Manage passwords (found under Passwords and forms). Turn off Auto Sign-in.
- Mozilla Firefox – In the menu, access Options. Select Privacy & Security and then find Forms & Passwords. Find the “Remember logins and passwords for websites option” and deselect it.
- Internet Explorer – First off, if you can avoid it, you shouldn’t be using Internet Explorer if you have a choice in the matter, considering it’s storied history of security problems. If you don’t have a choice in the matter, you will want to access the toolbar’s menus and select Internet Options. From there, click into Content, and select Settings (found under AutoComplete). Deselect both Forms and Searches and User names and passwords on forms. Save your changes by clicking OK.
- Microsoft Edge – Again, from the toolbar, select Edge Menu and from there, Settings. Scroll down to find View advanced settings. Under Privacy and services, deactivate Offer to save passwords, and under Manage passwords, deactivate Save from entries.
Concerned about your security? Weston is finalizing a new offering with a secure password manager integrated with fingerprint readers and other two factor methods for your business. This offering will make securely saving and entering passwords into websites, applications and even for logging into your machine much faster. Contact Weston today to discuss options for your business and to get more information about this new service.