888.678.7282    Get SUPPORT

Strata Information Technology Blog

Do Browser-Saved Passwords Stay Secure?

Do Browser-Saved Passwords Stay Secure?

One of the best things about computers is that there is always a new way to make something easier: automation decreases a workload, their processors can calculate much faster than the human brain can, collaboration with coworkers becomes almost effortless, and your web browser can even remember your passwords! However, you have to ask yourself: is the ability to save your passwords in your browser really a great idea?

In a Word: No
Unfortunately, there are ways that a hacker could access these passwords in each browser that the average user might use.

Google Chrome - When logged in to your Google account, Chrome automatically saves all of your passwords in that account. This means that all a hacker would need to do is gain access to your Google account, and they would be able to see all of your passwords, clear as day.

Mozilla Firefox - Firefox saves a user’s passwords under encryption, with the master password acting as the encryption key. However, this low-level encryption can easily be broken by a brute force attack. Furthermore, these passwords are also accessible by anyone in possession of the device without a login required.

Safari - Similarly to Firefox, all passwords are stored in the browser’s settings, and can be accessed without a login.

Internet Explorer - While IE saves your passwords, it does not show them… unless a relatively easy-to-find tool is utilized. Then your saved passwords are exposed.

Microsoft Edge - Microsoft Edge has had a few problems with security in the past, from the fact that there was a flaw in Edge that allowed hackers to read browser-compatible files (like notepad files, that some people might use to store passwords and credentials in). There have also been problems with some third-party managers in the past, like Edge Password Manager, also neglecting to require password authentication.

This is nothing new. An 11-year-old bug was discovered in the beginning of this year that enabled the theft of website credentials. This bug allowed the saved usernames (which were often just emails) and passwords to also be automatically entered into an invisible hidden form, unbeknownst to the user.

What Can I Do?
The first step you should take is to disable the password manager that is built-in to your browser. The method of doing so varies between them.

Google Chrome - Select the Chrome Menu from the toolbar, and select Settings. Scroll down and select Advanced, and under Passwords and forms, click Manage passwords. Under Auto Sign-in, turn the switch to the off position.

Mozilla Firefox - Find the Firefox Menu in the toolbar, and access Options. Then select Privacy & Security on the left, and under the Forms & Passwords header, deselect Remember logins and passwords for websites.

Safari - In the toolbar, click the Safari Menu. The select Preferences, Autofill, and deselect the following: Using info from my Address Book card, Usernames and passwords, Other forms.

Internet Explorer - Just stop using this one, and use one of the others instead. However, if you insist on using IE (or you have no choice), click into the Internet Explorer Menu found in the toolbar, select Internet Options, Content, and under AutoComplete, select Settings. Once there, deselect Forms and Searches, as well as User names and passwords on forms, clicking OK to finalize your changes.

Microsoft Edge - Select the Edge Menu from the toolbar, and then select Settings. Scroll down to locate View advanced settings. Deactivate Offer to save passwords (under Privacy and services) and deactivate Save from entries (under Manage passwords).

While it may be a pain to remember all of your passwords, there are much more secure options out there. For example, there are services like LastPass that more securely store passwords behind powerful encryption, and while they aren’t infallible, they are far better than what your browser offers.

For more assistance with managing your IT and its security, reach out to Strata Information Technology at 888.678.7282.

Tip of the Week: 5 Ways to Keep Your Data Safe
A Short Look at 2018 in Cybersecurity
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, May 24 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Business Computing Best Practices Managed IT Services Privacy Network Security Cloud Hackers Malware Internet User Tips Efficiency Data Productivity Communications Microsoft Communication IT Support Business Management Outsourced IT Cybersecurity Passwords Software Tech Term Backup Smartphones Ransomware Business Windows 10 Hardware Innovation Google VoIP Email Small Business Productivity Alert Users Mobile Device IT Services Social Media Network Apps Data Recovery Browser Smartphone Data Backup Bandwidth Save Money Hosted Solutions Microsoft Office Cloud Computing Miscellaneous Holiday Phishing Collaboration Internet of Things Business Continuity Workplace Tips Office 365 Data Breach Vulnerability Saving Money Android App Mobile Devices Twitter Computer Access Control Compliance BDR Applications Gadgets Facebook Law Enforcement Blockchain Patch Management Workers Office Net Neutrality Wireless Personal Information Settings Employer-Employee Relationship Remote Monitoring Scam Excel Mobile Device Management Company Culture Politics Wi-Fi Chrome Cybercrime Networking Government Information Remote Monitoring and Management Telephony Windows Word Virtual Assistant Value Connectivity Marketing How To Entertainment Antivirus Recovery Maintenance Website Password Healthcare Upgrade Retail Managed Service Data Security Computers Education Paperless Office BYOD Spam Medical IT Voice over Internet Protocol Vendor Management Automation Managed IT Service Managing Stress SaaS Dark Web Virus DDoS Inventory Payment IT Management Sports Video Games Google Maps Update Emergency Dongle Worker Security Cameras Apple Edge Threat IaaS Tech Support Authorization Employees Wireless Internet News Dark Data Spyware Television Information Technology Storage Multi-Factor Security Specifications Avoiding Downtime Movies Credit Cards Safety Voice over IP Amazon Smart Technology The Internet of Things instant Messaging Email Management Tech Terms Staffing Technology Efficiently Licensing Bring Your Own Device Printer iPhone HaaS Printer Server Budget Solid State Drive Cortana Help Desk Telephone System WannaCry Unified Threat Management HP Biometrics Error Human Resources Data loss Gadget Travel Business Intelligence Regulation Vulnerabilities Sales Managed Service Provider Cost Management Streaming Media Outlook Technology Tips Hybrid Cloud WiFi Managed IT Cleaning Printers Troubleshooting Hard Disk Drive Physical Security Shortcut Certification HIPAA Botnet VPN Document Management Database Leadership Access Customer Service Touchscreen Employee-Employer Relationship Router Content Filtering Hiring/Firing Employer Employee Relationship Staff RAM Current Events Live Streaming Reporting Cryptocurrency Tablet Downloads Data Management Backup and Disaster Recovery Cables Plug-In Telephone Systems Data Protection Encryption Computer Care VoIPMyths Video Files Battery CrashOverride Mobility Remote Support Hard Drive Tactics Microsoft Office 365 Electronic Health Records Gmail Automobile Websites Microsoft Teams Profitability WhatsApp Wireless Charging Synergy e-waste Disaster Recovery Knowledge Artificial Intelligence Trends Yahoo SSD Proactive IT E-Commerce Remote Control IT budget PowerPoint Gaming Console VoIPSavings Training Processors Digital Internet Explorer Analytics Two-factor Authentication Authentication Health Eliminating Downtime Lead Generation disposal GDPR Time Management Comparison Hard Drives A.I. Scalability Phone System Copy Augmented Reality Spam Blocking User Security Search Scheduling G Suite Wireless Technology Windows 10 5G Tip of the week Server Emoji IBM Chrome OS Telecommute VoIP Mobile Security Paste Business Technology Instagram Hacker Wearables Money Laptop Printing Quick Tips Remote Computing Samsung Customer Relationship Management Conferencing Unified Communications Competition eCommerce Operating System Big Data Network Attached Storage Managed IT Services IP Address Paper Telecommuting Online Shopping Environment Server Management Mobile Office Domains Fun Ink Millennials Windows 7 Google Drive Public Speaking Hosted Solution File Sharing OneNote IT Support Presentation Autocorrect User Tip Virtualization Machine Learning Lithium-ion battery

Newsletter Sign Up