Is It Really Safe to Store Passwords in the Browser?

Most modern browsers offer users the option to store passwords for convenience. However, like with many other aspects of technology, users are faced with a decision between security and ease of use. “Do you want Chrome/Firefox/IE/Opera to save your password?” Before agreeing, there are a few things you might want to consider:

  • Opera – This summer, an attack directed at Opera exposed login credentials and other personal information stored within Opera browsers for over 1.7M users.
  • Features – It is important to recognize that password management is a component or a feature—not necessarily the focus—of most browsers.
  • Security – Security mechanisms that protect stored password information differ from browser to browser. Firefox offers a master password option for encryption, while Chrome utilizes the OS user password for this.
  • External apps – Dedicated password management applications, such as LastPass or Keepass, could offer an extra layer protection.
  • Malware – Browser password storage may be more susceptible to malware built to act as the user, browser hooks, keyloggers (LastPass offers a virtual keyboard for master password entry), etc.
  • Updates – Check your settings to ensure your browsers are configured to automatically update. Most do this by default.
  • Authentication – Always use two-factor authentication (2FA) when available.

It is also important to consider what type of data you are trying to protect. If you can do it, the safest place to store a password is in your brain. It could be beneficial to remember unique passwords for important things—such as your email and bank account—and auto-generate and store passwords for everything else with a password manager protected by a very strong master password and 2FA. Auto-logout can also be configured for external password managers. Avoid using the same password in more than one location.

At present, there are no perfect password management solutions and using any type of password management service is still a risk. However, the added layer of protection from both a dedicated service and 2FA offers users an option which many security professionals consider to be of a lesser one.

Learn More:

About Danielle Pucciarella-Galkova 18 Articles
Hi! I'm a Security Engineer at a startup in the Bay Area. I have a Master's in Cybersecurity and I love teaching about tech! Check out my YouTube channel ↓down there↓ :)

Leave a Reply

5 Comments on "Is It Really Safe to Store Passwords in the Browser?"

Notify of
avatar
Sort by:   newest | oldest | most voted
Mohammad
Guest

You are the best writer on GeekSexyNews, I have been loving your post.

Sasha
Guest

Steve Gibson from twit Security Now has been building this SQRL thing for years as the perfect solution to password. https://www.grc.com/sqrl/sqrl.htm
Does this have any future, otherwise make any sense?

Fast Cheetah
Guest

Very useful article. Loving the whole GSN thing and it’s writers. Very simple and effective news website.

wpDiscuz