The Risk of Browser Saved Passwords: It’s No Joke

On April 1st, 2016, posted in: Security Threats by Comments Off on The Risk of Browser Saved Passwords: It’s No Joke

The Risk of Browser Saved Passwords: It’s No Joke

It’s April Fool’s Day, but seriously, this is no joke.

In fact, it’s an easy mistake to make and chances are high you’ve made this mistake within the past 30 days.

Most of us have numerous passwords to keep track of on a regular basis for both business and personal life. While it may be tempting to click “Remember Password” when your web browser prompts you, doing so puts your security at RISK.

If you walk away from your unlocked computer, (even briefly) at work or in public, there is a very real risk that someone could steal your passwords in just a few simple clicks.

See for yourself. (Yes, it’s shocking, but this method really works.)

Here’s HOW this Works

The risk of browser saved passwordsWhen you’re asked to login to any website, your browser will ask if you’d like to save your username and password.

If you allow it, next time you visit that website, you’ll see your login information pre-populated so you won’t have to remember it.

Easy, right? Safe? Absolutely not.

As you browse the web and create new accounts, your web browser stores a database of logins. Next time you visit a website, your browser scans your previous logins and if it finds a match, grabs the appropriate login info as needed.

To login, all you need to do is hit the submit button – no pesky login info to remember. But here’s the dark side. (This is where the security risk comes in.)

Why Your Browser Saved Passwords Are NOT Safe

This database of passwords stored in your browser is not as secure as you might think.

Depending on the browser, if hackers gained access to your computer, they could actually extract the contents of the database – and get access to ALL your private logins.

In the event one of your accounts was compromised, if you reuse passwords (which many people do) the hacker could also gain access to other accounts that belong to you.

What About Cookies?

Browser cookiesYou may or may not be familiar with the concept of cookies. (Of course, we’re talking the electronic kind here, not chocolate chip.) 🙂

Essentially, cookies are used to “remember” your password, but not in the same sense as browser saved passwords.

Websites you visit use cookies that are only placed on your computer once you’ve logged in.

The purpose of cookies is to prevent you from having to login multiple times for each new page you visit after you’ve logged in.

Your login info itself is not saved in a cookie.

Rather, the website you’ve logged into puts code on your machine that remembers who you are and confirms you have already logged in. This code is unique to the website and your computer.

Do cookies expire?

Yes, cookies are often time constrained. This is why you are logged out of a website after a certain period. Cookies are removed when you log out of a website. Alternatively, you can set your browser to remove them when you shut down the browser.

A Safer Alternative to Browser Saved Passwords

One way to address the risk of browser saved passwords is by creating a “master password” on your browser’s database of logins.

(But be aware, this isn’t the most foolproof method of securing your logins. Keep reading for our recommendation.)

Master passwords help prevent someone from walking up to your computer, simply clicking login and accessing a private website as you. They also help encrypt your database of passwords to prevent a hacker from stealing your sensitive login information.

The “It Won’t Happen to Me” Mindset

Browser password risksIn a business environment, all it takes is one disgruntled employee to access sensitive company information from your unlocked computer while you’re out on lunch – and you’ve put the company at risk.

You might not think something like this would happen, but we are talking about prevention and security risks for businesses are at an all-time high.

Not to mention, it IS April Fool’s Day! You don’t want someone defacing your Facebook page, do you?

Secure Your Passwords the Right Way

A better solution for keeping your private logins safe is to use a secure password program like LastPass.

It’s free and you can use it on your PC and Mac without restrictions. They have versions available for any platform and device you’d like and a paid version with additional security layers if needed.

With LastPass, a master password is required, not optional. You can add additional layers of security such as:

  • Requiring the master password after a period of activity (that you specify).
  • Requiring that certain websites require you to re-supply your password (for highly sensitive websites like banking).
  • Two-factor authentication that requires your master password and a second authentication factor when accessing your passwords.

With the addition of easy-to-use, secure password tools like LastPass, there is really no reason to use browser saved passwords. Be sure to use a strong, secure master password and consider additional layers of security to lower the risk of compromising your passwords.

Above all else, never save passwords to a browser on a computer you don’t control (such as a public or shared work computer).

Need Assistance Securing Your Passwords?

If your Milwaukee area business needs assistance securing passwords on PCs and devices throughout your network, we can help.

Passwords are just one of many ways to secure your business network.  If there are other security loopholes in your network you might not be aware of, we can find and remove them.

Contact us today by phone (262) 522-8560 or email to request a Free Network Discovery. One of our highly qualified technicians will evaluate your network during a free, no-obligation network assessment.