Tech

Stop using your browser’s built-in password manager. This is why


Hand typing username and password keyboard

Sakorn Sukkasemsakorn / Getty

I get this question a lot: Should I use a password manager? The answer is very simple…yes. But no matter how often I give that advice, many people ignore it and continue using their browser’s built-in password manager. I understand that, because using the browser’s password manager is very convenient and does not require you to install additional software.

Everyone is busy, and having to take the extra step just to log into one of your many accounts can reduce your productivity. Nobody wants that.

Also: The best password manager

Let me ask you another question, though: Is a minor glitch in your workflow worth your peace of mind knowing your passwords are secure? If you answered yes, then I suggest you download one of many Powerful password manager and start the conversion process. If your answer is no, I advise you to continue reading.

One of the big problems, related to browsers and passwords, is that the vast majority of users choose the Chrome browser. Out of all the popular web browsers (Chrome, Firefox, Edge, Safari, Opera, Brave, and Vivaldi), that particular browser is one of the most insecure.

Also: The best browsers for privacy

Part of the reason for this is due to such widespread use that targets the back of the browser. This is not the only reason, however. You’ll also see Google issue a steady stream of warnings that users must upgrade Chrome due to one or more critical vulnerabilities. And with users’ tendency to ignore such updates, a lot of Chrome installations are still insecure.

And then Popular Chromebooks. In 2022, nearly 30 million Chromebooks have been shipped. I know many Chromebook users who depend on Chrome as their password manager of choice. That way, they can even powerwash their machine, and when they log back in, they still have quick access to all their passwords.

Allow me to show you something. I have Chrome installed on Pop!_OS desktop. I don’t use Chrome but I have it ready, in case I need to write about it. I don’t allow any of my browsers to save passwords.

Also: You’re definitely not getting the most out of your password manager

Instead I use a password manager. However, for the purposes of this moment, I’ve added a text password entry to Chrome to illustrate how easily anyone can jump on your screen and steal your password. any.

Here’s how it works:

  1. Stand at my desk.
  2. Open Chrome.
  3. Go to Settings > Autofill > Password Manager.
  4. Find the password you want to see.
  5. Click the eye icon.
  6. View password.

One thing to note is that the above workflow is OS dependent. On Linux, there is no password protection for the Chrome password manager, so the above case applies. On MacOS and Windows, the password manager works the same way as ChromeOS: the first time you need to see an entry, it prompts you for your user password. After entering that password, you can view another entry without authentication for the next 60 seconds.

Also: How to protect and secure your password manager

That means if you successfully enter your password to see the entry and to open the Settings tab, someone else can spy on you and (before the 60 second timeout) see the password without having to authenticate with your account. Of course, 60 seconds is not much, but it is enough, if you look at the password and immediately leave the desk.

Those are some very specific criteria for someone to steal a password. And, you may find yourself in a similar situation with a password manager. I have my password manager set to auto-lock after five minutes of inactivity, but I work from home and it’s mostly just me and my wife. On my mobile, that timeout is set to Immediate. So as soon as I view the password entry and close the app, the vault locks.

Yes, it requires a specific set of circumstances for someone to steal those passwords, but it is possible.

Let’s go back to the desktop version of Chrome. Unlike Firefox, Google’s desktop browser doesn’t have a real master password feature. The function of this feature (at least on Firefox) is to lock your password with a master password (just like a password manager). once you have set Firefox master password, the browser cannot see or even use the password until you successfully authenticate. That feature can protect your saved passwords from prying eyes.

Even better, it prevents someone from opening your web browser and logging into the account where you saved the password to the browser. Until those master passwords are entered, those passwords may not even exist in your browser. Chrome does not have a similar feature. So if you save your account passwords in Chrome, as long as someone can access your screen, they can access those accounts.

Also: What is the best way to ensure privacy with your web browser?

Even so, a web browser is simply not the most secure piece of software on your computer. With them you transfer data (sometimes in plain text) and even your passwords are often synced to an external server. Can those passwords be intercepted in transit? Sure they can. Are they viewable by that third party? Not easy.

But why risk it when you can use a password manager that greatly alleviates the problem of handing over your passwords to a less secure system? And there are many password managers available, most of which are free to use.

I’m not saying every password manager is 100% secure. If your computer is connected to the network, nothing is 100%. Even if your computer is not connected to the network, there is always the possibility of it being hacked. Along with technology, it is understood that the problem is not “if” but “when” an account will be compromised. Therefore, you should consider taking every possible step to maintain the highest possible level of safety. To get there, consider the following advice:

  • Use a secure browser like firefox or Brave.
  • Never allow your browser to save your passwords.
  • Through a password manager.
  • Use two-factor authentication for all your accounts and password managers.
  • Always use a randomly generated password from your password manager.
  • If your browser of choice has a master password feature, use it.
  • Set your password manager to automatically lock its vault immediately after use.
  • If using a Chromebook, enable Linux and install a password manager.

Follow the advice above and you’ll be significantly safer than if you just used Chrome, allowing Chrome to save your passwords and depending on Chrome’s built-in password manager.

Also: Time to start using a password manager (like it or not)

Your passwords are the key to so many “kingdoms” and you should treat them as if they were precious goods. Take every step you can to protect yourself, even if it means disrupting the workflow you’ve created.

Be safe… no apologies.

news7f

News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, Sports...at the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button