6 reasons not to save your passwords in a browser
Take the time to click OK when Chrome or Firefox prompts you again to remember your account login details.
1. Storing passwords in your browser is not secure
Built-in browser credential storage is a real security hole. If you leave your computer unattended, your passwords can be sniffed out from your browser by snooping around in your settings. Or use a special extension, which will simply turn the asterisks covering the automatically set combinations into legible characters.
This can be avoided by setting up a master password in the browser (it is not used by default). But special account managers will protect your data much better: they can make you enter the master password before each time you open the account database.
Some applications allow you to add another layer of protection – for example, the program will ask you for a special key file when you try to access your passwords. Or you can set up two-factor authentication – a simple but extremely effective way to keep your data safe.
2. No synchronization between different browsers
Nowadays, any self-respecting browser synchronizes bookmarks, logs, and passwords between all your devices. But if you use Firefox on your work computer, Chrome on your smartphone, and Safari on your Apple laptop, they naturally won’t share passwords with each other. You’ll have to switch to a single browser.
That’s why it’s better to put your credentials into a third-party manager once and for all. All popular password keepers are cross-platform and cross-browser. There is nothing easier than adding the necessary extension to all your web browsers and using the same password database in them.
3. Only passwords can be stored in the browser
Browser password manager’s data storage options are rather sparse. You can save only the combination, the login and the site address.
Third-party password managers are capable of much more. They can store notes, passphrases, license keys, Wi-Fi network data or SSH keys, for example. You can attach important documents, photos, copies of passports, driver’s licenses, and other sensitive information to your notes. All this will be securely protected.
In addition, password managers are better for sorting and organizing data: you can organize them into folders, give them arbitrary names and provide comments.
4. No password exchange function
Many managers – like LastPass – provide a way to quickly and conveniently share passwords. This is useful if you want to give your friends or family temporary access to some of your accounts – for example, so your spouse can pay bills through your bank account or your friends can watch a movie through your streaming service account.
You can also set up emergency access for people you trust in the Manager. If, for example, you find yourself in the hospital and your relatives need to access your passwords, they can do it even if you’re unconscious.
Browsers don’t have that capability. If you want to share passwords with someone, email them manually. That’s not very convenient.
5. There is no password strength check in the browser.
If you try to create an account with a weak password, the built-in tools will not warn you in any way. The browser will silently save any combination you enter – even 123. Random password generators are available only in Chrome and Safari, but they provide only the most basic features – the length and list of characters used are not adjustable.
Special applications are on top of their game, too. They have strong password generators with a lot of settings and parameters, and the combination is immediately evaluated for strength.
In addition, you can check all the keys you already have with a couple of clicks and decide which sites to replace them with. And, for example, LastPass, 1Password, Dashlane, and KeePass (with this plugin) can warn you if your password has been compromised. They also find duplicate keys that you’ve used on multiple sites at once and those that have leaked into public hacker databases.
Finally, each entry in the manager can be assigned an expiration date. And when it expires, you will be prompted to change your password. In browsers, on the other hand, old combinations can sour for years.
6. Your data is kept by a third party
When you save your password in Chrome or Firefox, it’s sent, albeit in encrypted form, to Google and Mozilla’s servers. This state of affairs is not very appealing to people who prefer to keep their confidential information in house and not rely on a third-party service for security.
Naturally, cloud password managers have the same problem. But at least here you have some alternatives that won’t force you to keep your data on other people’s servers.
Use KeePass or Enpass. These password managers store your credentials in their own securely encrypted databases that you can keep anywhere – on your hard drive, an external storage device, or in your own cloud storage. An application such as BitWarden allows advanced users to create their own mini-server for passwords. And your credentials will belong only to you.
How to securely store passwords
Encrypted file
Writing passwords into a text file is essentially akin to the same piece of paper. However, there are some advantages. First, you don’t need to enter the password manually; you can simply copy it. Second, the file can be further protected from unauthorized access (although you can buy a notepad with a code lock on Aliexpress if you want). Third, it can be uploaded to the cloud and always be with you.
If you resort to this method, the data file must be encrypted. You can do it in different ways, for example, encrypting a note in an application like Evernote. You can also pack the file in a password-protected archive or place it on an encrypted area of your hard drive or even an external drive.
In this case, you only need to know one password to access the file. But the reliability of this method is limited by the reliability of the service or equipment where the file is stored, as well as by the complexity of the password to access it. In addition, this method is hardly suitable for storing a large number of records. Structuring textual information can be difficult. If you own hundreds of accounts, you need a more advanced solution.
Password manager
A much more convenient way is to use a password manager. It is a specialized program that allows generating and storing passwords. The user just needs to remember the master password to access the database.
The features may vary from program to program. For example, KeePass in its basic version is a rather modest program. For security purposes, the program does not even perform automatic updates. All new versions must be installed manually by downloading from the official site. However, you can expand the functionality with numerous plugins. Among others, you can find extensions for synchronization, database import and export, and automatic backups.
There are applications from major developers that are friendlier to inexperienced users and can automatically synchronize passwords between devices.
Of course, there are many more password management applications. But you can’t trust passwords to any random service or application. Only use services that have already earned the trust of users or that are open-source and have been repeatedly tested by the community. Popular solutions include 1password and Lastpass. However, it is risky to blindly trust even reliable programs. For example, Lastpass was hacked in 2015, as evidenced by the entry on the company’s official blog. So before trusting your data to a particular service, look for information about hacks and leaks online.
Browser
You can also store passwords in your browser. Chrome, Firefox, Safari, Opera and other popular browsers have this feature. And we can’t say that it’s not at all unsafe. So, you can set up a master password for access to the database, and protect your account with a two-factor authorization. For greater security, such as protection from other people or colleagues, you can even put a password on your browser. However, no one can guarantee 100% security. When certain vulnerabilities are exploited, an intruder may very well gain access to passwords. For example, a scientific study of the Spectre vulnerability clearly demonstrates password theft from Google Chrome as well as the LastPass extension.
In addition, the built-in password manager offers far less functionality. In Chrome’s Password Manager, you won’t be able to add a third-party password to log into a program or app. You also won’t be able to write down other sensitive information – a code word, a license key, or even a photo of your driver’s license. What’s more, if your passwords are saved in one browser, you won’t have access to them once you switch to another.
A hardware solution
If one program for storing passwords is not enough for you, you can purchase a hardware solution. In essence, it is a device the size and appearance of an ordinary flash drive. The data stored on it is encrypted and can only be accessed if you know the pin code. Using the device is easy – just connect it to your computer, tablet, or other device and select the desired entry in the database. Simply put, it’s such a virtual keyboard that will enter the desired password for you. It’s quite a handy solution to always have a database with passwords that you’re not afraid to lose.
The most popular browsers:
- Google Chrome
- Safari
- Firefox
- Edge
- Samsung Internet
- Opera
Is it safe to store passwords in browsers?
Modern browsers like Google Chrome, Mozilla Firefox, and Opera use the latest data encryption systems. This makes storing passwords and logins in your browser 99% safe.
Google encrypts its passwords with mdapi, but the main thing is that they can only be decrypted on the computer where they were stored, if someone steals the password file and tries to decrypt it they’ll only get logins.
But nothing prevents creating a virus (already made) to decrypt the passwords on your machine and send them to the hacker.
How to view saved passwords in Google Chrome?
The password saving function is one of the most useful options in the browser, it allows you not to enter each time the data in the fields for authorization, but simply click on the field so that these data are pulled up automatically.
Few users know that you can get quick access to information simply by typing chrome://settings/passwords in the address bar. Type that address and press enter – a new tab will show a list of all saved authorization data for different sites. To see the characters, click on the icon in the form of an eye and enter the access code (if it is installed). For networked corporate computers, you will need the password for the administrator account.
View login and password for the site
You can also view the secret code information directly on your device. The file with them is on your computer, in a folder called Login Data. It’s located in:
- “C:\Users\AppData\Local\Google\Chrome\User Data\Default\ if you have 10, 8 and 7 versions of the OS;
- “C:\Documents And Settings\Local Settings\Application Data\Google\Chrome\User Data\Default\” if you have XP.
- For Mac OS X path: “~/Library/Application Support/Google/Chrome/Default”.
- Linux: “~/.config/google-chrome/Default
The data in the file are encrypted using AES methodology. Use a third-party application like DB Browser for SQLite or ChromePass to view the encrypted data.
Viewing saved passwords in Google Chrome
There’s an easier way to view your password information – directly in your browser.
On your Android phone
On the phone version of the Android browser, finding access codes is even easier. You just need to open the browser options, select “Smart Lock or Saving,” and click on “View and manage your saved data at passwords.google.com.”
On iOS devices
If you have an iPhone, open your browser menu, select the same “Smart Lock or Save” section and tap on the desired site for which you want to view the caption. Tap show.
On your computer
If you want to find your login information in the browser itself, repeat the following:
- Open the program and click on the three-dot icon at the top right of the screen.
- Select “Settings”, then “Advanced”.
- Here, from the list of options, select “Passwords, and Forms.”
- Open “Settings” – here will be displayed all the information we need.
This is the same page that was opened on request in the address bar. By clicking on the eye icon opposite the desired line, you can view and copy the desired cipher.
How can I disable saving passwords in my browser?
To prevent passwords from being saved in the program memory and the device itself, select “Advanced” in the program settings, then “Password and forms”. Expand the “Settings” option, and in front of the line “Password saving” put the lever in the disabled position.
How do I delete my password?
Remember the list of all the authorization data that opens in the browser at our request? Just click the cross next to each item whose data you want to erase, and the entry will instantly disappear from the list. Or click here.
Use antivirus or keep Chrome’s firewall active. Don’t forget to update your antivirus virus database regularly, set your antivirus to update automatically.
Use programs that protect the system directories of your PC, such as Protected Folder or PasswordProtect. This way you will additionally protect your personal data from unauthorized viewing by unauthorized persons.
How do I protect my passwords?
Viruses and adware addons often gain access to authorization information. Attackers can use them to steal your account on a site or in a social network and use it for their own purposes. To keep your personal information secure, follow some simple rules.
How do I protect passwords in my browser?
Use multiple accounts on your home computer. Each user should have their own: your passwords are stored in the browser under your “account”, your wife and children under separate accounts for each person.
The password to your account should only be known by yourself. Don’t share it with your family (much less with strangers), and don’t forget to change it periodically.
Always lock your computer screen at home and at work, when you go away from your PC, even for a short while.
Use a PIN, picture key, fingerprint, or Face ID to auto-lock your mobile devices.
Have antivirus regularly updated on all devices, or connect to the network through DNS.
If account protection still doesn’t seem enough to prevent someone from using your passwords in the browser, you can put a master key on the browser itself
For example, let’s use one of the most popular browsers – Mozilla Firefox. In his settings, you can set a master password and protect all personal data, including history of visits and saved links. A password is only required if you need access to this specialized data. You can simply surf the Internet without a password.
Start Firefox and click on the menu icon with three horizontal bars – it is located in the upper right corner. Select the “Settings” option.
Under the “Privacy and Security” tab, check the “Use master password” box.
A new window will open. There you should double-click on the password you want and click “OK”.
Set a password for the browser startup
If you want to password-protect your entire browser, you’ll need a special add-on. After installing this extension, Firefox will ask for your password every time you launch your browser-without a password, you won’t even be able to open webpages.
Go to “Settings” – “Extensions” – “Get add-ons”. Download the free StartupMaster extension. This will automatically open a new window in which you will need to enter the master password, if you set it as described above. After confirming the details, the addon will activate and protect your browser every time you try to start it.
To ensure that you don’t forget your password, select a password storage application.
