When you visit a website requiring you to log in to your account, your internet browser asks you if you want to remember your password, so your web browser will automatically fill in your account credentials the next time you visit the same site and start typing your username.
This is a very compelling option given the difficulty in remembering passwords.
But there is a very good reason why you should never allow your passwords to be recalled by a web browser; accessing such stored passwords is very convenient for another.
This can be done remotely by someone on the machine, or by a hacker.
Let’s have a look at Firefox and Chrome, the two most popular browsers:
If you’re using Windows 10 to view stored passwords in the Chrome tab, you’ll be asked for a device password. There are however plenty of tools available, such as iSumsoft Windows Password Refixer, which allow somebody to reset a Windows password and view passwords.
Firefox gives the passwords instant access, without authentication.
There is also another way to gain access to browser-stored passwords regardless of operating system, such as Windows 10 or macOS, even if a password prompt is required:
Using the Inspect Element window of a website, people who know what they are doing will change the code of a page in such a way that it can un-hash a user password, exposing the password. Unless a master password is set.
Another way to gain access to browser-stored passwords regardless of operating system, such as Windows 10 or macOS, even if a password prompt is required:
- Using the Inspect Element window of a browser, someone who know what they are doing can edit the code of a page in such a way that it will un-hash a user password, revealing the password.
A greater concern is the relative ease with which hackers can access data stored in a browser using a variety of malware.
- Infostealers are well known malware types that steal browser data as well as other information on a computer.
- There are also free hacking tools that lift saved passwords from Microsoft Edge, Mozilla Firefox, Google Chrome, Safari, and Opera.
Tools like these exploit browser weaknesses which is why it’s necessary to ensure that browser updates are always applied. Information thieves are also usually inserted into a computer via phishing mails and malicious website links.
- If your computer or mobile device is ever lost or stolen, whoever ends up with possession of it will have access to any online accounts that you have allowed your browser to store the passwords for.
- If a hacker takes control of your computer remotely over the internet, via malware, they will have access to your online accounts if passwords are stored in the browser.
- Storing passwords in a browser also makes your accounts vulnerable to people who might want to snoop around on your computer when you aren’t around.
Instead of having a web browser store your passwords consider a password manager. This is a far better option than handing over the security of your passwords to a web browser.
You can also consider the following options:
- You can disable (or choose not to enable) autofill and ‘save password settings’.
- Use a reputable VPN so your internet browsing activities, including entering passwords into websites, is carried out under the cloak of anonymity.
And above all make sure you’re using a good internet software so your computer can’t be infected with malware that steals information from the browser.