Deciding how to manage passwords is a challenge that every individual and business face. We can’t get around the need to use them, but once passwords become compromised it can lead to an expensive account or network breach.
The average person has to juggle 70-80 passwords between personal and work accounts. Trying to remember strong passwords for all those logins is impossible unless you have a photographic memory, which leads people to use other ways to manage their passwords.
Some people resort to the “sticky note” method. Surprisingly, in a survey of employee password behaviors, 42% of organizations cited this as their method of password management.
Many users will save their passwords in their browsers. It’s one of the most convenient methods and passwords are there right when you need them. Just type a login into any website or online application and your browser will ask if you’d like to save it.
But how secure is it to store passwords in this way? Is there a chance of them being exposed?
We’ll go through how this method works below as well as the things you need to be aware of when it comes to browser-stored passwords. We’ll be looking at Chrome since it’s the number one browser by market share, but this information also applies to other browsers like Edge, Safari, and Firefox.
What to Know About Saving Your Passwords in a Browser
Where Are Browser Passwords Stored?
Where your passwords are stored will depend upon whether you are syncing your account with other devices or not. Most users like to have their browser sync across their phone, tablet, and computer for convenience.
- Not synced: If you are not syncing your account, then your passwords stored in Chrome are stored locally on your computer only.
- Synced: If you are synching so you can use your stored password with other devices, then they’re being stored in the cloud in your Google Account
Encryption is used to protect usernames and passwords that are stored within Chrome and other browsers.
You Need to Be Signed In to Use Your Saved Passwords
You do need to be signed in to your browser to access your stored passwords. This can add an additional level to security unless that master password is too easy or gets hacked.
To better protect those stored passwords, you should enable multi-factor authentication on your browser login. It really should be enabled for all your other online accounts as well as a safeguard.
Browsers Tend to Stay Logged In
You’ll notice that you hardly ever have to re-login to your browser. A persistent login is convenient, but it’s also a safety risk. If your laptop or mobile device is stolen and you’re logged into your browser (like most people are), then a thief can easily access all your stored passwords.
Passwords Are Easily Read
A criminal doesn’t necessarily even need your device to access your stored passwords. If your computer is breached or infected with spyware, a hacker can access your browser settings and click to see all your passwords in plain text.
This is a big security issue and one that users need to be aware of when deciding to allow their browser to store all their passwords.
You Can’t Use Those Passwords in Other Browsers
Some people do use more than one browser. For example, they may choose to use Safari on their iPhone, but prefer Edge on their Windows 10 PC.
This can make storing your passwords in a single browser inconvenient because they won’t be accessible in other browsers.
Cloud Databases Can Be Breached
If you’re syncing your browser data, then your passwords are being stored online. It’s no secret how even large cloud providers are susceptible to having their databases full of usernames and passwords breached.
Already this year, the account details of at least 214 million social media users on Facebook, Instagram, and LinkedIn were exposed through a data leak of an unsecured database. Having all your passwords stored in an online account database leaves them at higher risk.
Password Managers Offer a More Secure Alternative
One tool that you can use that is just as convenient but more secure than storing your passwords in a browser is a password manager. Password managers store your credentials locally on your computer and the password management vendor doesn’t have a copy of them in a cloud database.
You use one master password to access all your stored passwords, and passwords are encrypted and stored securely.
Another benefit is that you can use a password manager across multiple browsers using a browser plugin or application.
Companies can benefit a great deal by using password managers rather than allowing users to store business passwords in browsers. Reasons include:
- They gain visibility into business password use
- They can add or remove users to the company account (which improves security when an employee leaves)
- Other data, like company payment cards, can also be stored securely
Do You Have a Handle on Your Password Management?
Are you struggling with passwords on sticky notes, in contact apps, and in browsers? C Solutions can help your Orlando area business get a handle on password management to improve your data breach protection.
Schedule a free consultation today! Call 407-536-8381 or reach us online.