Passwords stored in your browser are not safe

Passwords stored in your browser are not safe.  Wait, what?

 

Saving passwords in your browser is a weak link.  When you enter a password while using Chrome, it prompts you to save the password.  You click “OK”, because now you don’t have to worry about entering the password for that site again.  You may have even followed security measures and created a complex, unique password for that site.  One and done, you think.  Not so fast.

 

This article has answers…

Would you be surprised to find out that a simple tool by NirSoft, run on your computer will display your Chrome saved passwords in clear text?  This applies to other browsers, too, like Firefox and Opera.  If someone is able to compromise your Google Chrome account (Gmail), then they can sync all of your passwords to their own computer, run the tool and now have access to all of your password protected accounts.  Now they don’t just have access to your email, but *ALL* of your accounts.  Scary, eh?

 

So, saving my passwords in my browser is risky?

Yes.  The password information is not as secure as you may think it is.

 

But the browser company claims that its safe to have it store my passwords.

Yes, they do.

 

But they really are not safe?

Nope.

 

So, what should I use instead?

We recommend using a separate password manager.  We will be releasing an Infoline article about this shortly.

 

Are there other reasons not to save passwords in my browser?

Yes.  If you save passwords in one browser, you can’t access them in another browser.  Each browser saves your passwords for their local use only.  If you save passwords separately in each browser you use, then one will get out of date when you update a password in the other.  You need a solution that works across all your browsers, and across all your devices.

 

How do I delete the passwords I have already saved in my browser?

It’s a little tricky.  First, several browsers require you to delete the passwords one at a time.  This can be time consuming.  Second, you will need to disable syncing on each device or else when you delete a password from one, it may be recreated by the sync service from another device.

This article will help: https://www.zdnet.com/article/is-it-ok-to-use-your-browsers-built-in-password-manager/

 

Is it safe to store passwords in Safari or on my Apple device?

Apple stores passwords in the Apple Keychain.  This is very secure.  The problem with the Keychain is that it is Apple specific.  You can’t access the passwords from any other device.  If you live in an Apple only world, then the Apple Keychain may work for you.

If you have questions about this, please let us know and we will be happy to assist you.
Take care,