Save $99 on eero Pro 6 + Install. Use Code EEROINSTALL

Is Allowing Your Browser to Remember Passwords Safe or Risky?

password

Not long after signing into an online service, your Web browser promptly asks if you’d like it to store your username and to remember passwords so it can autofill the information for future sign-ins. You’re given three options: yes, no (and never to be asked again), and ignore. Is it safe to click yes, or does it jeopardize your account’s security?

The Pros and Cons of the Remember Passwords Feature

On one hand, you benefit from convenience when you click yes. This browser feature lets you quickly sign into your accounts without typing your username and password anymore. On the other hand, anybody who has access to your computer can launch your Web browser, obtain your remembered passwords and use them to sign into your online accounts without permission. So maybe you trust your partner, friend or kid to respect your privacy. They’d never poke around while using your computer. That’s all well and good, but what if a thief steals your computer? Or what if you lose your computer at a public venue, and a random person finds and keeps it for himself? Would your remembered passwords stay safe then?

Also worrisome is how web browsers handle remembered passwords. Many of them let you (or anyone for that matter) view the password list with little effort:

  • Microsoft’s Internet Explorer 11 stores saved passwords at the Credential Manager. To go there, launch the browser, click the Tools (gear) button, and select Internet Options. Go to the Content tab, click Settings for AutoComplete, and click Manage Passwords. In the Credential Manager window, click Web Credentials, click on the down arrow to the right of the website whose login credentials you want to view, and click on the Show link to reveal the masked password.
  • In Google Chrome (as tested on version 50), open the browser menu, and select Settings. Scroll down, click Show Advanced Settings, scroll down further, and click the Manage Passwords link under Passwords And Forms. Select an entry you want to view in the list of Saved Passwords, and click Show to the right of the masked password field.
  • In Mozilla Firefox (as tested on version 43), open the browser menu, select Options, select Security on the left panel, and click the Saved Logins to open the browser’s password manager. Click Show Passwords to view all passwords you have saved.

Of the aforementioned web browsers, only Firefox lets you set a master password to protect your saved credentials. The other browsers readily expose stored logins, passwords, and even credit card details, though some versions of Windows may intervene and require you to enter the computer’s user account password first. Even then, there are many alternative methods for password recovery thanks to advanced third-party utilities you can download online.

At best, the remember passwords feature offered by browsers is only recommended for use on online accounts of little to no importance. These include accounts for discussion forums, Q&A websites, and social news. Never use the feature on accounts for banking, email, and social networks, especially when you have a bad habit of using the same password on these accounts. More importantly, do not save your passwords on other people’s computers.

Use a Dedicated Password Manager Instead

Instead of the built-in password managers of browsers, consider using third-party solutions. Many of them, such as LastPass, KeePass and PasswordBox, are available for free and offer advanced features to protect your passwords.  Use a password manager together with two-factor authentication to keep your accounts even more secure.

Was this article helpful?

Thanks for your feedback, add a comment here to help improve the article