When you visit a website that requires you to log into your account, your internet browser asks you if you want to remember your password, so the next time you visit the same site and start typing your user name, your web browser will automatically fill in your account credentials.
Given the difficulty in remembering passwords this is a compelling option.
But there’s a very good reason why you should never allow a web browser to remember your passwords; it’s very easy for someone else to view these stored passwords.
This can be done by someone at your computer or by a hacker remotely.
Let’s take a look at the two most popular browsers, Firefox and Chrome:
- If you're using Windows 10 you will be prompted for a user password in order to access saved passwords in the Chrome browser. However, there are plenty of tools available, such as iSumsoft Windows Password Refixer, which make it possible for someone to reset a Windows password and access the passwords.
- Firefox gives instant access to passwords, without authentication, unless a master password is set.
There is also another way to gain access to browser-stored passwords regardless of operating system, such as Windows 10 or macOS, even if a password prompt is required:
- Using the Inspect Element window of a browser, someone who know what they are doing can edit the code of a page in such a way that it will un-hash a user password, revealing the password.
However, perhaps of greater concern is the relative ease with which hackers can access data stored in a browser using a variety of malware.
- Infostealers are well known malware types that steal browser data as well as other information on a computer.
- There are also free hacking tools that lift saved passwords from Microsoft Edge, Mozilla Firefox, Google Chrome, Safari, and Opera.
These tools exploit browser vulnerabilities which is why it’s important to ensure that browser updates are always applied. Infostealers are also usually inserted into a computer via phishing mails and malicious website links.
- If your computer or mobile device is ever lost or stolen, whoever ends up with possession of it will have access to any online accounts that you have allowed your browser to store the passwords for.
- If a hacker takes control of your computer remotely over the internet, via malware, they will have access to your online accounts if passwords are stored in the browser.
- Storing passwords in a browser also makes your accounts vulnerable to people who might want to snoop around on your computer when you aren’t around.
Rather than have a web browser store your passwords consider a password manager. This is a far better option than handing over the security of your passwords to a web browser.
You can also consider the following options:
- You can disable (or choose not to enable) autofill and ‘save password settings’.
- Use a reputable VPN so your internet browsing activities, including entering passwords into websites, is carried out under the cloak of anonymity.
And above all make sure you’re using good internet security software
so your computer can’t be infected with malware that steals information from the browser.