Skip to main content

Why you should never allow your web browser to save your passwords


Why you should never allow your web browser to save your passwords



When a web browser like Chrome, Firefox or Safari is allowed to store passwords, you're putting your network security at risk.







One reason why you shouldn't allow your web browser to save your passwords
Passwords. They are the bane of so many users' existence. Yet, they're one of the only ways we have to secure our accounts, and those accounts are frequently compromised. IT pros always harp on users to create secure passwords--to the tune of creating password profiles that demand specific requirements.
And yet, no matter how hard we try to lock down those accounts, they are still vulnerable.

Why?

First off, even after being constantly warned, users still insist on passwords like 12345 or password. Even when those users employ incredibly complex passwords, there is still a roadblock in the way of enjoying a truly safe networking experiencing. Said roadblock is when a web browser is allowed to store passwords.
Sure, it's convenient. After all, who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity. And when those passwords are incredibly complex, such that you must use a password manager, efficiency goes out the window.
And yet, even at the expense of productivity, there's a very good reason why you should never allow a web browser to remember your passwords. That reason is how easy it is to view passwords in modern web browsers. Chrome will allow users to view passwords, even without requiring a master password. Firefox, on the other hand, at least requires a master password, but only if one is set (which many users either overlook or aren't aware of its existence). Like Firefox, Safari at least hides passwords behind a user's password. The difference between Firefox and Safari is the password isn't optional in Apple's browser.

How easy can you view saved passwords?

Update: If you're using the Windows 10 platform, you will be prompted for a user password, in order to access saved passwords in Chrome.
Let me demonstrate how easy it is to view saved passwords on the three browsers mentioned. Remember, this only works on passwords that are stored by the browser. First, we'll look at Chrome (as it is the most vulnerable). To view saved passwords in Chrome, do the following:
  1. Open Chrome.
  2. Click the Menu button and select Settings.
  3. Scroll to Autofill and click Passwords.
  4. Locate the password you want to view and click the "eye" icon (Figure A).
  5. Enjoy that password.





Figure A
Figure A: Viewing a stored password in Chrome.

To do the same trick in Firefox, do the following:
  1. Open Firefox.
  2. Open the Menu and select Preferences.
  3. Click Privacy & Security (from the left pane).
  4. Scroll to Logins & Passwords.
  5. Click Saved Logins.
  6. Click Show Passwords (Figure B).
  7. Enjoy your passwords.





Figure B
Figure B: Viewing stored passwords in Firefox.

The only caveat to the steps in Firefox is if a Master Password is in use. Should that be the case, you'll be prompted for that password, after clicking Show Passwords. Without the Master Password, you cannot view stored credentials.
Now, let's examine Safari. Here are the steps for viewing passwords in Apple's browser.
  1. Open Safari.
  2. Click the Safari menu in the top bar and select Preferences.
  3. Click the Passwords tab.
  4. When prompted either type your password, or use the fingerprint sensor (if available).
  5. Click on the website you want to view (Figure C).
  6. Enjoy that password. 


Figure C
Figure C: Viewing stored passwords in Safari.

Clearly, Safari has the edge here, only because it requires the use of a password to view stored credentials. If Firefox stored credentials are locked by a Master Password, then it puts the Mozilla browser on similar ground. As far as Chrome is concerned, your saved passwords are there for all to see, unfettered and unprotected.

What to do?

The answer to this question is simple. Don't allow your browser to save your passwords. None of them. Not one. If you do, those passwords are vulnerable. All someone has to do is have access to your computer (remote or physical) and, unless you use Safari or the Master Password feature in Firefox, those passwords are available for anyone to see.
If you absolutely must have your browser store your passwords, and you're not using macOS, make sure to use Firefox and enable the Master Password feature. Use Chrome at the peril of your passwords.
In place of having your web browser store your passwords, make use of a password manager. By doing so, the likelihood of someone viewing your passwords is considerably lower. It's not perfect, but it's far better than handing over the security of your passwords to a web browser.
The adage, "Better safe, than sorry," most certainly applies.

Also see


Comments

Title

Link

https://amzn.to/3isoLUX https://www.amazon.in/gp/product/B082PFY9S7?smid=AT95IG9ONZD7S&psc=1&linkCode=sl1&tag=mywebsit0749e-21&linkId=5108a27204271760a5ba4d6108af7893&language=en_IN&ref_=as_li_ss_tl https://amzn.to/3ist5DR https://amzn.to/3s5ZcMQ

PUBG Mobile Season 4: Release date, season Royale Pass, new features and more

PUBG Mobile Season 4 release date, new features and more: The Battle Royale game, Player Unknown's Battlegrounds for Mobile, will get revamped for its fourth season later this week. PUBG Mobile Season 4 launch, Royale pass, and latest features:  Player Unknown’s Battlegrounds (PUBG) will refresh its mobile version for a fourth season. An update for the same had also been acknowledged by the company through Twitter. The third season of the Battle Royale game, popularly known as PUBG, ended on November 18. Here’s when PUBG Mobile Season 4 starts, and the new features it will bring. PUBG Mobile Season 4: Release date Smartphone gamers will have to wait until November 20 for the new season of PUBG. The global servers for the game are expected to be connected by November 21, which is when all devices are expected to receive access for the same. New and existing players should note that the latest version of PUBG will not take the Season 3 rankings and scores into accoun...

Some Hot New Technologies That Will Change Everything

Some Hot New Technologies That Will Change Everything Illustration: Randy Lyhus The Next Big thing? The  memristor , a microscopic component that can "remember" electrical states even when turned off. It's expected to be far cheaper and faster than flash storage. A theoretical concept since 1971, it has now been built in labs and is already starting to revolutionize everything we know about computing, possibly making flash memory, RAM, and even hard drives obsolete within a decade. The memristor is just one of the incredible technological advances sending shock waves through the world of computing. Other innovations in the works are more down-to-earth, but they also carry watershed significance. From the technologies that finally make  paperless offices  a reality to those that deliver  wireless power , these advances should make your humble PC a far different beast come the turn of the decade. In the followin...

Trump's 250 Yard, 8-Vehicle Motorcade To Greet Bush Jr Across The Street

The Trumps spent 23 minutes visiting Bush, his wife Laura, by all accounts a cordial meeting in which the former president exchanged kisses on the cheek with the current first lady at the curb. President Donald Trump leaves in the presidential limo after meeting the Bush family. WASHINGTON : President  Donald Trump traversed a wide political chasm Tuesday evening when he personally welcomed George W. Bush, his occasional foil, to Blair House, the presidential guest quarters across Pennsylvania Avenue from the White House. But the actual distance was just 250 yards - a route Trump and his wife Melania traveled in the presidential parade limousine, with a motorcade of at least seven other vehicles. The Trumps spent 23 minutes visiting with Bush and his wife Laura, by all accounts a cordial meeting in which the former president exchanged kisses on the cheek with the current first lady at the curb. It was the latest in a series of magnanimous gestures that President Trum...

Ways To Earn CryptoCurrency For Free

  Some Websites Are Listed Below For Earning:- 1.  Sphere by Horizen 2. GramFree 3.  Earnabl y 4. Crypto Tab Browser 5. Honey 6. Coinpayu Sphere by Horizen Due to a change of the Application ID in v1.2.6-beta, Windows users upgrading from 1.2.5-beta or earlier or setups with multiple user accounts must uninstall Sphere by Horizen first, using the "Programs" utility from the "Control Panel" before installing any version greater than v1.2.5-beta. Please follow the upgrade guides for  Windows  or  macOS . Latest Version:   v1.2.8-beta For a list of changes implemented in this version, please view the  changelog . Due to significant improvements to data handling, users who took part in version 1.0.1-beta or earlier are advised to create new accounts and restore their wallet seeds. An upgrade mechanism will be included in a future release to remove the requirement on the user to perform this step. User  manual:   https://horizenofficial.atlas...

Samsung Galaxy S10 pictured with two cameras, S855-powered S10+ benchmarked

The revised renders of the Galaxy S10+ showed a  quad camera  on the back. Now the Samsung Galaxy S10 design has come to light and it has two rear cameras. Different camera setups were used to differentiate the Galaxy S9 duo this year. But next year there will be no less than three Galaxy S flagships. The S10+ should be the top model with four cameras and a large curved screen. Then there will be two models with a 5.8” screen – one curved and one flat (the base model). So, which one is the one in the image? We guess it’s the middle model, the one with a curved screen and an in-display fingerprint reader. The base model will likely have a  side-mounted reader . This image doesn’t offer a clear view of the sides, but the case doesn’t seem to have cutouts for a power button/FP reader combo. Either way, there’s one Galaxy S10 model unaccounted for – how many cameras will it have? Moving on to what you can’t see – the performance of the chipset. The Galaxy S10+ with...

Avengers 4 Endgame: The new IMAX trailer solves one mystery from the first trailer

Recently, one Endgame spoiler kind of revealed how Stark does make it to Earth eventually and he can be seen driving a brand new Audi. Few weeks ago, Marvel finally released the most awaited trailer of Avengers 4: Endgame. Soon fans went gaga over it and dissected each and every frame of the trailer to find out clues on what will happen in the sequel of the Infinity War. One MCU fan even pointed out how there was one major mistake in the trailer as well. And now, Marvel released the new IMAX trailer of Avengers: Endgame. The new trailer is almost the same, but it showcases more content since it has different aspect ratio.  So, additional information about the Endgame was revealed and one of the screenshots from the IMAX trailer which was posted by Jeremy Conrad of MCU Cosmic showcased that Nebula's hand is touching Iron Man's shoulder. In the first trailer, we saw a hand on a shoulder but thanks to different aspect ratio we can safely assume that it is Nebula's ...

Iron Man, Captain America will both die in Avengers Endgame, theory says

A new Avengers theory suggests that clues to Iron Man and Captain America’s death in Endgame can be found as far back as Avengers: Age of Ultron. Tony Stark and Captain America will live together and die together. Now that Marvel fans have had some time to mull over the  Avengers : Endgame trailer, theories have once again started to emerge online as to who’ll live and who’ll die at the end of the hotly anticipated movie. One theorist suggests that clues about the Avengers’ fates can be found in an older Marvel movie. While directors Joe & Anthony Russo had gone on record to say that the title of the fourth Avengers movie had not been spoken in any previous Marvel film, this turned out to be incorrect when the film’s title was revealed to be Avengers: Endgame at the end of the first trailer. Not only was the word ‘endgame’ spoken in Avengers: Infinity War, it was first spoken in the Marvel Cinematic Universe in the second Avengers movie,  Age of Ultron . A...