How safe is it to save your passwords on your browser?

While saving passwords on your browsers are a convenient way to remember all your passwords, they are quite easy to grab passwords from website from someone who tries to use your browser. We would not recommend doing it.

Most modern browsers have the ability to save passwords so that you don’t have to enter your username and passwords every time. But as the time goes you add in a lot of passwords for all different sites. The scary part is when someone tries to use the browser you are trying to use for something. They are free to snoop around with the browsers list of saved passwords. Because as it stands it is very easy to go into the settings and check passwords for all the sites you’ve accessed.

The Problem

You use your browser to access all your social network, bank accounts, shopping and entertainment websites. While it is inconvenient to enter your password every time, you save it on the browser so it will automatically present you with the username and passwords and you just have to log in. Now, what if a friend has to use the computer for some research. The saved passwords aren’t hard to access. Firefox allows master password, but that only makes an annoying popup every time you access a site with which you have the password saved. Once you unlock every password is open to access.
This is how easy it is to access someones passwords on Mozilla Firefox browser. It takes less than 30 secs to grab them.

Firefox Password Access
If you are at work or home, you cannot always rely on your instinct to log off your user on your operating system either Windows, Mac or Linux. There’s always a chance that someone could be able to get access before the sleep mode initiates. You can un-sync or switch profiles, but that is one more step for you every time you have to let someone else use the browser.
Browsers like Chrome and Firefox also save your password on your account on their server. And it’s not something you can control and a lot of sites get hacked every day.

The Solution

The solution to this is used standalone password managers who have browser extensions to autofill passwords and still need a pin. Keepass, Enpass are a great example that offers you exclusive password managing features that rely on very strong encryption. KeePass is open-source, and Enpass doesn’t store the encrypted passwords on their servers. Instead, Enpass uses your cloud service to sync passwords through your devices. These applications are lightweight and don’t take a lot of resource or memory on your operating system or memory.
Next time you try to log in somewhere, tries to save the passwords in the password manager as well. And then remove the password from the browser. Now you don’t have to worry a lot about someone hijacking your password from the browser.

Extra Steps

Don’t use “Keep me logged in” on sites you need extreme privacy like your social networks, bank accounts and so on. The password managers can enter the passwords automatically, and you’re just one step away from logging in securely. Having your session saved with a cache adds to the security and privacy risks every time.
So what do you think about the idea of not having your password saved on your browsers? Is it probably safe if you’re the only one using your operating systems user? Or if you have “Keep me logged in” on sites, is it vulnerable to session hijacking?
Let us know in the comments.

Leave a Reply