“Do you want to save your password?” Many of us, depending on our web browser, are familiar with this pop-up message. Whenever we log into an account, our web browsers often ask us if we want them to save our password. The offer may sound tempting since you can create a strong password and not even have to remember it! However, as the saying goes, if something is too good to be true, it probably is; this is the case with storing passwords in-browser.
Browsers Don’t Always Encrypt Passwords
First and foremost, some browsers don’t encrypt the passwords that they save for you. Encryption is a way to convert data into a format that makes no sense unless it is converted back. Think of it being like a secret code, where only the people who know the code can effectively communicate with it. By encrypting data, you are adding another level of security to the data. Even if that data gets stolen, it is going to be mostly unintelligible unless it is decrypted (decrypting is the act of undoing or reversing encryption). By not encrypting data, it is being stored in its original form (sometimes referred to as “plaintext”).
So, if your browser does not encrypt the passwords it saves, it is storing those passwords just as they are. Sure, they may censor them with circles or asterisks on the screen, but the actual information is still present. This means that, if someone accessed where the passwords were stored, they’d be able to retrieve and read all of them.
Access to Browser = Access to the Accounts
Even if the browser did store the passwords in an encrypted format, there is still a glaring security issue present here. If all of your passwords are stored in your browser on your computer, and someone else goes onto your computer, then they can log into any of the accounts that have a saved password. The United Kingdom’s National Cyber Security Centre asserts that “if you’re using a shared computer outside your home (for instance, at a college or library) you should never save your password in a browser”. For example, if you save a password to your bank account in your browser, and you let one of your friends use your computer, they can log into your bank account since you saved the password to the browser.
Simply not sharing the device or ensuring that each user of a computer has their own profile can help to partially solve this issue. However, if your device gets stolen, the thief could get into any of the accounts that have a password saved in browser. Even if you have a password to your computer, that doesn’t mean your passwords are safe if it gets stolen; there are ways to circumvent the computer password. A strong computer password is a good first line of defense, though! Similarly, if your device gets hacked or infected with malware, it is possible that the attacker could easily steal your saved passwords without you even knowing.
How Can I Safely Store my Passwords?
While, in theory, the safest way to store your passwords is to memorize them, this is unrealistic to expect (especially since your passwords should be lengthy and contain a variety of numbers and symbols). Thus, if you like the idea of having your browser save your passwords for you, there is an alternative that is, in some ways, a bit more secure: a password manager.
Password managers, also called password vaults, function by storing all of your passwords in one convenient location. Unlike browsers, password managers almost always use encryption to store these passwords, already making a password manager a better choice than having your browser save your passwords. To further increase security, you have to enter in a “master password” to gain access to all passwords in your manager (instead of being able to access them with a few clicks, like in the browser). This also simplifies memorizing passwords: you only need to memorize one (lengthy and complex!) password. Not only that, but some password vaults provide the option to generate long, complex passwords for you to use.
So, if you want something secure to manage your passwords, a password manager is the way to go. However, password managers are not perfect solutions, either. For one, you are putting your trust in a third-party to keep your passwords stored safely and securely. According to Davis, “cybercriminals have targeted and successfully breached some of the biggest password management providers”, thus showing that even these entities are not completely bulletproof from attacks. This is an important factor to keep in mind, but it is also important to keep in mind that no form of technology is truly bulletproof. As Davis states, “there is no such thing as 100% secure”.
Similarly, just as a hacker could access your device through the use of malware and steal your passwords from your browser, it is possible for a hacker to steal your master password for your vault (Davis). This example highlights one of the biggest issues with a password manager: if your master password is somehow discovered, then the security of all of your accounts is compromised. Thus, it is important to make your master password as secure as you possibly can, but also something you can remember. Also, if you are unable to remember your master password, then you won’t be able to access your password vault, which is a big issue.
While you could technically write your passwords down, this is not advisable. But, if you do, store the written passwords in a secure place, such as a safe or lockbox! Don’t leave them on your monitor, under your keyboard, or in your desk drawers. Definitely don’t save them as a document on your device, either; that is the equivalent of leaving your house keys in the lock at all times!
In the end, it truly depends on personal preference whether to use a password manager or just memorize your passwords. If the choice is between having your browser save your passwords and using a password vault, the vault is definitely the more secure option.
Resources & Further Reading
Davis, Lee. “Are Password Managers Safe in 2023?” Forbes, 27 Apr. 2023, http://www.forbes.com/advisor/business/are-password-managers-safe/.
National Cyber Security Centre (NCSC). “Password Managers: Using Browsers and Apps to Safely Store Your Passwords.” NCSC, http://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers. Accessed 9 July 2023.
The H.A.C.K.E.R. Project 
Leave a comment