Skip to main content

Why you should never allow your web browser to save your passwords


Why you should never allow your web browser to save your passwords



When a web browser like Chrome, Firefox or Safari is allowed to store passwords, you're putting your network security at risk.







One reason why you shouldn't allow your web browser to save your passwords
Passwords. They are the bane of so many users' existence. Yet, they're one of the only ways we have to secure our accounts, and those accounts are frequently compromised. IT pros always harp on users to create secure passwords--to the tune of creating password profiles that demand specific requirements.
And yet, no matter how hard we try to lock down those accounts, they are still vulnerable.

Why?

First off, even after being constantly warned, users still insist on passwords like 12345 or password. Even when those users employ incredibly complex passwords, there is still a roadblock in the way of enjoying a truly safe networking experiencing. Said roadblock is when a web browser is allowed to store passwords.
Sure, it's convenient. After all, who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity. And when those passwords are incredibly complex, such that you must use a password manager, efficiency goes out the window.
And yet, even at the expense of productivity, there's a very good reason why you should never allow a web browser to remember your passwords. That reason is how easy it is to view passwords in modern web browsers. Chrome will allow users to view passwords, even without requiring a master password. Firefox, on the other hand, at least requires a master password, but only if one is set (which many users either overlook or aren't aware of its existence). Like Firefox, Safari at least hides passwords behind a user's password. The difference between Firefox and Safari is the password isn't optional in Apple's browser.

How easy can you view saved passwords?

Update: If you're using the Windows 10 platform, you will be prompted for a user password, in order to access saved passwords in Chrome.
Let me demonstrate how easy it is to view saved passwords on the three browsers mentioned. Remember, this only works on passwords that are stored by the browser. First, we'll look at Chrome (as it is the most vulnerable). To view saved passwords in Chrome, do the following:
  1. Open Chrome.
  2. Click the Menu button and select Settings.
  3. Scroll to Autofill and click Passwords.
  4. Locate the password you want to view and click the "eye" icon (Figure A).
  5. Enjoy that password.





Figure A
Figure A: Viewing a stored password in Chrome.

To do the same trick in Firefox, do the following:
  1. Open Firefox.
  2. Open the Menu and select Preferences.
  3. Click Privacy & Security (from the left pane).
  4. Scroll to Logins & Passwords.
  5. Click Saved Logins.
  6. Click Show Passwords (Figure B).
  7. Enjoy your passwords.





Figure B
Figure B: Viewing stored passwords in Firefox.

The only caveat to the steps in Firefox is if a Master Password is in use. Should that be the case, you'll be prompted for that password, after clicking Show Passwords. Without the Master Password, you cannot view stored credentials.
Now, let's examine Safari. Here are the steps for viewing passwords in Apple's browser.
  1. Open Safari.
  2. Click the Safari menu in the top bar and select Preferences.
  3. Click the Passwords tab.
  4. When prompted either type your password, or use the fingerprint sensor (if available).
  5. Click on the website you want to view (Figure C).
  6. Enjoy that password. 


Figure C
Figure C: Viewing stored passwords in Safari.

Clearly, Safari has the edge here, only because it requires the use of a password to view stored credentials. If Firefox stored credentials are locked by a Master Password, then it puts the Mozilla browser on similar ground. As far as Chrome is concerned, your saved passwords are there for all to see, unfettered and unprotected.

What to do?

The answer to this question is simple. Don't allow your browser to save your passwords. None of them. Not one. If you do, those passwords are vulnerable. All someone has to do is have access to your computer (remote or physical) and, unless you use Safari or the Master Password feature in Firefox, those passwords are available for anyone to see.
If you absolutely must have your browser store your passwords, and you're not using macOS, make sure to use Firefox and enable the Master Password feature. Use Chrome at the peril of your passwords.
In place of having your web browser store your passwords, make use of a password manager. By doing so, the likelihood of someone viewing your passwords is considerably lower. It's not perfect, but it's far better than handing over the security of your passwords to a web browser.
The adage, "Better safe, than sorry," most certainly applies.

Also see


Comments

Title

Link

https://amzn.to/3isoLUX https://www.amazon.in/gp/product/B082PFY9S7?smid=AT95IG9ONZD7S&psc=1&linkCode=sl1&tag=mywebsit0749e-21&linkId=5108a27204271760a5ba4d6108af7893&language=en_IN&ref_=as_li_ss_tl https://amzn.to/3ist5DR https://amzn.to/3s5ZcMQ

PUBG Mobile Season 4: Release date, season Royale Pass, new features and more

PUBG Mobile Season 4 release date, new features and more: The Battle Royale game, Player Unknown's Battlegrounds for Mobile, will get revamped for its fourth season later this week. PUBG Mobile Season 4 launch, Royale pass, and latest features:  Player Unknown’s Battlegrounds (PUBG) will refresh its mobile version for a fourth season. An update for the same had also been acknowledged by the company through Twitter. The third season of the Battle Royale game, popularly known as PUBG, ended on November 18. Here’s when PUBG Mobile Season 4 starts, and the new features it will bring. PUBG Mobile Season 4: Release date Smartphone gamers will have to wait until November 20 for the new season of PUBG. The global servers for the game are expected to be connected by November 21, which is when all devices are expected to receive access for the same. New and existing players should note that the latest version of PUBG will not take the Season 3 rankings and scores into accoun...

Vision is alive and will defeat Thanos in Avengers Endgame. Here’s how

If the latest fan theory turns out to be true, then Vision's consciousness will give the Marvel superheroes an upper hand and he might be the actual reason behind the Mad Titan's defeat in Avengers: Endgame. Actor Paul Bettany plays Vision in Marvel Cinematic Universe. Vision, played by actor Paul Bettany, might be alive and have a pivotal role in Avengers: Endgame. Infact, he will be instrumental in defeating Thanos in the final battle. But how can that happen, considering Vision was left all cold and grey when Thanos ripped him off the Mind Stone in last year’s blockbuster, Avengers: Infinity War? Going by a new fan theory doing the rounds, there is a catch! Vision is an  android  which was created by Tony Stark and Bruce Banner during Avengers: Age of Ultron. He was brought to life by the Mind Stone stuck on his forehead. In one of the most emotional scenes of Avengers: Infinity War, we saw Scarlet Witch aka Wanda destroying the Mind Stone that ensured Vision bro...

Ways To Earn CryptoCurrency For Free

  Some Websites Are Listed Below For Earning:- 1.  Sphere by Horizen 2. GramFree 3.  Earnabl y 4. Crypto Tab Browser 5. Honey 6. Coinpayu Sphere by Horizen Due to a change of the Application ID in v1.2.6-beta, Windows users upgrading from 1.2.5-beta or earlier or setups with multiple user accounts must uninstall Sphere by Horizen first, using the "Programs" utility from the "Control Panel" before installing any version greater than v1.2.5-beta. Please follow the upgrade guides for  Windows  or  macOS . Latest Version:   v1.2.8-beta For a list of changes implemented in this version, please view the  changelog . Due to significant improvements to data handling, users who took part in version 1.0.1-beta or earlier are advised to create new accounts and restore their wallet seeds. An upgrade mechanism will be included in a future release to remove the requirement on the user to perform this step. User  manual:   https://horizenofficial.atlas...

CISCE Releases ISC/Class 12 Board Exam 2019 Date Sheet

Council for Indian School Certificate Examination (CISCE) has released the date sheet for ISC (Class 12) and ICSE (Class 10) board exam 2019. ICSE 2019 Timetable: ISC Class 12 Exam 2019 Time Table Released New Delhi:  Council for Indian School Certificate Examination (CISCE) has released the date sheet for ISC (Class 12) and  ICSE  (Class 10) board exam 2019 . The exam for ISC or class 12 students will begin on February 4, 2019 and conclude on March 25, 2019. The exams will begin with practical exams which are scheduled from February 4 to February 14, 2019. The Theory component will begin with Economics paper exam on February 15, 2019. The date sheet is also available on the official website. Students can check the detailed exam schedule below.  ISC (Class 12) Board Exam 2019 Schedule February 04, 2019 (9.00 AM): Art Paper 3 (Drawing or Painting of a Living Person) February 05, 2019 (9.00 AM): Physics - Paper 2 (Practical) February 06, 2019 (...

Terrorist Lived 10 km From Site Where He Killed 40 Soldiers In Kashmir

More than 40 people were killed when the Jaish-e-Mohammad terrorist rammed a vehicle loaded with explosives into a CRPF convoy in Jammu and Kashmir's Pulwama. Pulwama attack: Adil Ahmad Dar joined Jaish-e-Mohammad last year. Story Highlights Adil Ahmad Dar, 22, joined terror group Jaish-e-Mohammad last year He was also known as "Adil Ahmad Gaadi Takranewala" Police say he is the third local suicide terrorist recruited by Jaish New Delhi:  Adil Ahmad Dar, the Jaish-e-Mohammad terrorist behind the worst-ever terror attack on security forces in Jammu and Kashmir, lived just 10 km from the spot where he rammed his car full of explosives into a security convoy, killing over 40 Central Reserve Police Force (CRPF) personnel on Thursday. Also known as "Adil Ahmad Gaadi Takranewala" and "Waqas Commando of Gundibagh", he joined the Pakistan-based terror outfit last year. On Thursday, he  drove towards the convoy of 78 CRPF buses tr...

2.0 Box Office Collection Day 1: Rajinikanth And Akshay's Film, Hindi Version, Gets 'Super Start'

2.0 , starring Rajinikanth and Akshay Kumar, collected Rs 20.25 crore on the opening day Rajinikanth in a still from  2.0 . (Image courtesy:  YouTube ) Story Highlights " 2.0 's business is strong," say trade pundits 2.0 opened to favourable reviews on Thursday 2.0 is the sequel to 2010 film Enthiran New Delhi:  2.0 , starring Rajinikanth and  Akshay Kumar , collect a little Rs 20 crore - Hindi version only - on the opening day, reported trade analyst Taran Adarsh. "Non-holiday release, non-festival period and yet,  2.0  takes a super start. Keeping in mind the fact that it's a dubbed film and the advance bookings opened very late, the business is strong. Thu Rs 20.25 crore (Hindi version)," he tweeted. Going by the film's pre-release hype, trade pundits thought  2.0  had a good chance to beat  Thugs Of Hindostan 's opening day collection number (Rs 50 crore in Hindi). However,  Thugs of Hindostan 's box office g...

Network security policy

Network security policy This policy will help you create security guidelines for devices that transport and store data. You can use it as-is or customize it to fit the needs of your organization and employees. From the policy  Summary Every company’s network is made up of devices that transmit and store information. This can include internal and external systems, either company-owned or leased/rented/subscribed to. To protect company data and reputation, it is essential to ensure that the network is secured from unauthorized access, data loss, malware infestations, and security breaches. This must be done via systematic end-to-end controls. Policy details The IT department will be responsible for implementing, adhering to, and maintaining these controls. For the purposes of this document, “all devices” refers to workstations, laptops, servers, switches, routers, firewalls, mobile devices, and wireless access points. Where possible, these guidelines will...