Can I Rely on My Browser for Password Management?

When someone creates a new online account, choosing a password can be difficult, and remembering those passwords is even more challenging. Some people use the same simple, easy-to-remember passwords for multiple accounts. Others keep a running list of account credentials in a Word or Excel file or handwritten on sticky note or a notebook/organizer. None of these methods are effective or safe.

It may seem tempting to accept when your web browser offers to remember your password. Unfortunately, your browser password manager does not encrypt your passwords, so it is not the most secure solution. It may be in your best interest to select a more secure third-party password manager, or at a minimum, take additional steps to safeguard your accounts. Understanding the risks of using a various password management solutions, you can make an informed decision that best meets your business and personal needs.

Risks of Using Your Browser Password Manager

Web browsers are notoriously easy to hack. Many types of malware and browser extensions can extract stored data from your browser, including usernames, passwords, and credit card information. Furthermore, if someone gains control of your computer remotely, they can utilize your stored credentials to access any of your information on those websites. If someone steals your device, you could still be logged into the browser, and the thief will have access to many accounts with a stored password.

Storing passwords in your browser for financial websites is especially dangerous. Imagine how easily a hacker could transfer money out of a bank account or make fraudulent purchases if they have access to your login credentials.

Although it may seem convenient to save a few minutes by storing all passwords in one place, if one of your accounts is compromised, you will likely spend countless hours doing damage control. Data breaches cost companies and individuals time, money, and in some cases, their reputation.

Best Practices Versus Reality

A third-party password vault is more secure than a browser password manager. A fully encrypted password managers can keep your credentials safe while providing the same level of convenience as the browser. They often operate as a browser extension that allows you to seamlessly utilize them across the web and typically on multiple devices.

Apple and Samsung provide their own password managers that are fully encrypted and very reliable, but they are only available on devices made by those companies. For example, suppose someone enables iCloud Keychain on their iPhone, or Samsung Pass on their Galaxy phone, but utilizes another brand of computer. In that case, those stored passwords will only be accessible on their phone. They will either need a separate password manager for their computer, or they will be left to remember passwords on their own.

Most third-party password managers work on multiple platforms, such as Windows, Mac, iOS, and Android. This is a clear advantage that makes third-party password vaults more convenient. In addition to storing your passwords, these apps can also help you generate stronger passwords for an additional layer of security.

Despite the wide availability of third-party password managers, numerous businesses and individuals do not utilize them. Some common reasons include cost, fear of keeping all passwords in one place despite encryption, and not wanting to take the time to install and learn a new program. Other potential users simply do not know third-party password managers exist or do not understand the benefits over the browser password manager.

The Weakest Link

It may not come as a surprise to learn that people are the weakest link in privacy and security. Humans often take shortcuts to save time and money, and make mistakes due to emotions, lack of training, or simply not paying close enough attention. These shortcuts and errors can seriously compromise an individual’s or company’s data security.

When people choose not to use a password manager, they often create simpler passwords and use the same password for multiple accounts. People frequently post personal details on social media without realizing that they may be giving cybercriminals clues to guess their passwords.

For example, “Cleopatra2023!” meets the requirements for a strong password on many platforms, but if you frequently post pictures of your new kitten Cleopatra publicly, skilled hackers can easily guess variations of this name as your password.

For this reason, businesses and individuals should utilize a third-party password manager if they choose to disable the browser password manager. If it is not realistic to use a third-party password manager for financial or other reasons, perhaps the browser password manager is the next safest option, but you should proceed with caution.

Finding a Realistic Compromise

A password manager is only beneficial if you actually use it. You know your employees best, and perhaps you feel that they will be more compliant with good password practices by continuing to use the browser password manager for day-to-day activities. If this is the case, you should instruct them to follow additional measures to safeguard login credentials, including:

Use the browser password manager for non-sensitive accounts only. You should not store passwords for financial accounts, accounts containing health records, or any other sensitive information.
Regardless of how you store passwords, make sure you create unique passwords for each account and follow these best practices.
Don’t fall into non-secure practices for any type of password, even if the account does not contain sensitive information.
Set up multi-factor authentication (MFA), especially for accounts that have more sensitive information.
Use a third-party password vault for accounts that are more sensitive.

Protect Your Business Like You Would Protect Your Home

When you lock up your home, you wouldn’t leave the key in the doorknob. Even though keeping a spare key under the mat may seem convenient if you get locked out, it is one of the first places thieves will check. You may even use security cameras to monitor activity and deter intruders.

Protecting your business and personal accounts online is just as important as protecting your home. Cybercriminals successfully access private data on a daily basis, and businesses or individuals cannot afford to let their guard down. In addition to utilizing a comprehensive privacy and security program, creating strong passwords and storing them safely is an important step in protecting your business from data breaches.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.