As you navigate the web and log in to various accounts, you probably encounter a pop-up asking if you’d like your browser to remember your password. Clicking “Save password” is tempting for many of us. If you’re trying to maintain strong passwords and not reuse any of them across all of your accounts, it can be a pain trying to remember them all. Having the browser do it for you seems like a major time saver.
However, since hacking and data breaches have become commonplace, you might wonder if it’s a good idea to let your browser save passwords. Although it’s a step up from using the same password across all your accounts, there are still risks involved. Here’s a quick rundown of some of the major reasons why you might not want to use this feature.
1. Anyone who gets into your computer/device can automatically access all your accounts. Once you click “Save password” after logging in to Facebook, your email, or any other site, your browser will automatically populate the password field for you in the future.
While that might save you a few seconds of typing, it also means that anyone who gets ahold of your computer/phone/whatever device you have those passwords saved on will be able to instantly log in to everything, according to the Credera blog entry “Why You Shouldn’t Save Browser Credentials.” That means you’re potentially in serious trouble if a device gets lost/stolen or accessed either physically or remotely by an unauthorized party.
2. Your browser could get hacked. In August of 2016, Opera announced there were signs of an attack that involved cybercriminals gaining access to the Opera sync system. Although the company stopped the attack, the data of some sync users might have been compromised.
While it’s unlikely that companies with high levels of security resources (e.g., Google) would get hacked, it’s still a risk you take when you let a browser remember your passwords, according to the Wired article “Sorry, But Your Browser Password Manager Probably Isn’t Enough.”
3. The browser password manager might not have strong security requirements. Browser-based password managers exist primarily to make your life easier, rather than to keep your passwords safe, according to Wired. That means that they might not have the same security features as standalone password managers, such as requiring strong passwords and pointing out/stopping the reuse of the same password across multiple accounts.
Ultimately, security experts still generally recommend using a dedicated password manager, such as LastPass or 1Password, according to Wired. A standalone password manager is an application that stores your info in an encrypted database. It functions like a virtual lock box, and you just need to know one strong password to get into the manager.
If you’d like to know more about best password practices and/or anything else related to cybersecurity, our team of tech experts can help. Feel free to contact us by calling 877-599-3999 or emailing firstname.lastname@example.org.