The Risk of Browser Saved Passwords
Why Browser Saved Passwords Are Not Safe
If you walk away from your unlocked computer, (even briefly) at work or in public, there is a very real risk that someone could steal your passwords in just a few simple clicks. When you’re asked to login to any website, your browser will ask if you’d like to save your username and password.
If you allow it, next time you visit that website, you’ll see your login information pre-populated so you won’t have to remember it.
Easy, right? Safe? Absolutely not.
As you browse the web and create new accounts, your web browser stores a database of logins. Next time you visit a website, your browser scans your previous logins and if it finds a match, grabs the appropriate login info as needed.
To login, all you need to do is hit the submit button – no pesky login info to remember.
But here’s the dark side. (This is where the security risk comes in.)
Depending on the browser, if hackers gained access to your computer, they could actually extract the contents of the database – and get access to ALL your private logins.
In the event one of your accounts was compromised, if you reuse passwords (which many people do) the hacker could also gain access to other accounts that belong to you.
What About Cookies?
You may or may not be familiar with the concept of cookies.
(Of course, we’re talking the electronic kind of cookies, not chocolate chip.) 🙂
Essentially, cookies are used to “remember” your password, but not in the same sense as browser saved passwords.
The purpose of cookies is to prevent you from having to login multiple times for each new page you visit after you’ve logged in.
Your login info itself is not saved in a cookie.
Rather, the website you’ve logged into puts code on your machine that remembers who you are and confirms you have already logged in. This code is unique to the website and your computer.
Do cookies expire?
Yes, cookies are often time constrained. This is why you are logged out of a website after a certain period. Cookies are removed when you log out of a website. Alternatively, you can set your browser to remove them when you shut down the browser.
A Safer Alternative to Browser Saved Passwords
One way to address the risk of browser saved passwords is by creating a “master password” on your browser’s database of logins.
(But be aware, this isn’t the most foolproof method of securing your logins. Keep reading for our recommendation.)
Master passwords help prevent someone from walking up to your computer, simply clicking login and accessing a private website as you. They also help encrypt your database of passwords to prevent a hacker from stealing your sensitive login information.
The “It Won’t Happen to Me” Mindset
In a business environment, all it takes is one disgruntled employee to access sensitive company information from your unlocked computer while you’re out on lunch – and you’ve put the company at risk.
You might not think something like this would happen, but we are talking about prevention and security risks for businesses are at an all-time high.
You don’t want someone defacing your Facebook page, do you?
Secure Your Passwords the Right Way
A better solution for keeping your private logins safe is to use a secure password program like LastPass.
It’s free and you can use it on your PC and Mac without restrictions. They have versions available for any platform and device you’d like and a paid version with additional security layers if needed.
With LastPass, a master password is required, not optional. You can add additional layers of security such as:
- Requiring the master password after a period of activity (that you specify).
- Requiring that certain websites require you to re-supply your password (for highly sensitive websites like banking).
- Two-factor authentication that requires your master password and a second authentication factor when accessing your passwords.
With the addition of easy-to-use, secure password tools like LastPass, there is really no reason to use browser saved passwords. Be sure to use a strong, secure master password and consider additional layers of security to lower the risk of compromising your passwords.
Above all else, never save passwords to a browser on a computer you don’t control (such as a public or shared work computer).
Strengthen your network passwords
A network security assessment is typically a good first step in securing your network. Request an introductory meeting below where we will cover the details of what our network security assessment includes, what the expected outcome is, and how we can assist in securing your network from potential vulnerabilities and cyber attacks.
Contact our support team at 262-522-8560 or complete the form below to get started.
Ready To Talk?
A quick 10-minute call is all it takes to see if we’re a good fit. If we aren’t for whatever reason, we’ll point you in the right direction.