The Risk of Browser Saved Passwords
Saving passwords in your browser is an easy mistake to make and chances are high you’ve made this mistake within the past 30 days. Most of us have numerous passwords to keep track of on a regular basis for both business and personal life. While it may be tempting to click “Remember Password” when your web browser prompts you, doing so puts your security at RISK.
Why Browser Saved Passwords Are Not Safe
If you walk away from your unlocked computer, (even briefly) at work or in public, there is a very real risk that someone could steal your passwords in just a few simple clicks.
When you’re asked to login to any website, your browser will ask if you’d like to save your username and password.
If you allow it, next time you visit that website, you’ll see your login information pre-populated so you won’t have to remember it.
Easy, right? Safe? Absolutely not.
As you browse the web and create new accounts, your web browser stores a database of logins. Next time you visit a website, your browser scans your previous logins and if it finds a match, grabs the appropriate login info as needed.
To login, all you need to do is hit the submit button – no pesky login info to remember.
But here’s the dark side. (This is where the security risk comes in.)
The Browser Security Risk
This database of passwords stored in your browser is not as secure as you might think.
Depending on the browser, if hackers gained access to your computer, they could actually extract the contents of the database – and get access to ALL your private logins.
In the event one of your accounts was compromised, if you reuse passwords (which many people do) the hacker could also gain access to other accounts that belong to you.
What About Cookies?
You may or may not be familiar with the concept of cookies.
(Of course, we’re talking the electronic kind of cookies, not chocolate chip.) 🙂
Essentially, cookies are used to “remember” your password, but not in the same sense as browser saved passwords.
The purpose of cookies is to prevent you from having to login multiple times for each new page you visit after you’ve logged in.
Your login info itself is not saved in a cookie.
Rather, the website you’ve logged into puts code on your machine that remembers who you are and confirms you have already logged in. This code is unique to the website and your computer.
Do cookies expire?
Yes, cookies are often time constrained. This is why you are logged out of a website after a certain period. Cookies are removed when you log out of a website. Alternatively, you can set your browser to remove them when you shut down the browser.
A Safer Alternative to Browser Saved Passwords
One way to address the risk of browser saved passwords is by creating a “master password” on your browser’s database of logins.
(But be aware, this isn’t the most foolproof method of securing your logins. Keep reading for our recommendation.)
Master passwords help prevent someone from walking up to your computer, simply clicking login and accessing a private website as you. They also help encrypt your database of passwords to prevent a hacker from stealing your sensitive login information.
The “It Won’t Happen to Me” Mindset
In a business environment, all it takes is one disgruntled employee to access sensitive company information from your unlocked computer while you’re out on lunch – and you’ve put the company at risk.
You might not think something like this would happen, but we are talking about prevention and security risks for businesses are at an all-time high.
You don’t want someone defacing your Facebook page, do you?
Secure Your Passwords the Right Way
A better solution for keeping your private logins safe is to use a secure password program like LastPass.
It’s free and you can use it on your PC and Mac without restrictions. They have versions available for any platform and device you’d like and a paid version with additional security layers if needed.
With LastPass, a master password is required, not optional. You can add additional layers of security such as:
- Requiring the master password after a period of activity (that you specify).
- Requiring that certain websites require you to re-supply your password (for highly sensitive websites like banking).
- Two-factor authentication that requires your master password and a second authentication factor when accessing your passwords.
With the addition of easy-to-use, secure password tools like LastPass, there is really no reason to use browser saved passwords. Be sure to use a strong, secure master password and consider additional layers of security to lower the risk of compromising your passwords.
Above all else, never save passwords to a browser on a computer you don’t control (such as a public or shared work computer).
Or, learn more about what's included in a Network Security Assessment here.
Strengthen your network passwords
If your business needs assistance securing passwords on PCs and devices throughout your network, we can help.
Passwords are just one of many ways to secure your business network. If there are other security loopholes in your network you might not be aware of, we can help you identify and remove them.
A network security assessment is typically a good first step in securing your network. Request an introductory meeting below where we will cover the details of what our network security assessment includes, what the expected outcome is, and how we can assist in securing your network from potential vulnerabilities and cyber attacks.
Contact our support team at 262-522-8560 or complete the form below to get started.
Schedule a network security assessment
Request a security assessment below. We'll contact you to schedule a complementary introductory meeting to discuss the details of the assessment and how we can best assist you.
*This security analysis is not all encompassing. However, the results of this analysis may prompt additional recommendations that are more focused on specific aspects of your environment. EX: PCI & HIPAA audits, in-depth anti-virus testing, firewall/router audit, etc.