
Is it Safe to Use your Browser to Save Passwords?

It may seem like a great convenience to save all of your most-used passwords in your web browser so that you do not have to enter them every time you use a platform or log in to an online account. However, this is not advisable. When a browser prompts you to save your password, ignore it. Passwords stored in browsers are not secure. There is a much safer way of saving your passwords, and that is to use a password manager.

Along with saving your passwords in a secure vault that only you have access to, and automatically entering them when you visit a website or platform, a password manager also comes with a password generator that creates completely unique and random passwords for all of your accounts. Bitwarden provides all of this and can be deployed in the cloud or self-hosted.

Some of the main advantages to using a password manager, as opposed to saving passwords in your browser, are listed below:

  1. What’s the password again? How many times per week are you asked ‘what’s the password for…’ by your spouse, kids, or even friends? Probably more than you like to admit! With your browser, you do not have a way of sharing those passwords at all. Password managers like LastPass allow you to share not just passwords (think household bills and streaming media), but also important information like medical IDs, your AA number, and passport numbers. Not only is it simple to share these using a password manager, it is also safe because all data is encrypted and decrypted locally.
  2. Forget about credentials with single sign-on. To improve productivity in the workplace you should, as far as possible, automate authentication rather than placing the burden on employees. This can be achieved with single sign-on. With single sign-on, employees can quickly access their work accounts without having to enter credentials. Credentials can be compromised, so there is a security benefit as well. Single sign-on is also ideal for IT teams managing a remote environment. They can easily manage employee access to applications, which solves the problem of having employees with unnecessary privileges.
  3. Access anytime, anywhere. Saving passwords in a browser limits access to a single device. With a password manager, passwords are synced across all browsers and all devices. If you need a password when you are using a tablet or your phone, or when you are asked for your Wi-Fi password, it is quick and easy to access it. With a password manager, your passwords can be accessed come what may, even if your device is stolen or accidentally dropped down the toilet. You can simply log in to your account from any device to retrieve the information you need.
  4. Excellent Security. Password managers are very secure. All you need to do is set a strong and unique master password to protect your password vault. Most password managers work on the zero-knowledge model, where the platform provider does not have access to the password vault. That means only the account holder can access their passwords. Some browsers require you to log in, but many do not. Most password managers use AES 256-bit encryption, which is widely recognized as one of the strongest encryption standards. Encryption and decryption happen locally on your device. Some password managers, Bitwarden for example, also strengthen the master password and encryption key with salted hashing and PBKDF2 with SHA-256, which is far more secure than any browser-saved password.
  5. Account protection with 2-factor authentication. 2-factor authentication is an important security measure for verifying that a person with a password is authorized to use it. Most password managers add this extra level of security to ensure that if a password is compromised, the account will remain secure. 
  6. Dark web monitoring. The dark web is where stolen credentials are sold and traded. Some password managers include dark web monitoring and will alert users if their passwords have been compromised in a data breach. While you can regularly check to see if your passwords have been compromised, it is time-consuming and usually forgotten or not performed frequently enough. With this service set up and running in the background, in the event of a data breach you will be able to take rapid action to protect your accounts.
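The local key derivation and zero-knowledge model described in point 4, as an added sketch that is not from the original article or from any vendor's code: the master password is stretched with salted PBKDF2 and SHA-256 into a 256-bit key that stays on the device, and the provider stores only a one-way value derived from it. The function names, the iteration count and the login-hash step are assumptions made for illustration, and the AES-256 encryption of the vault itself is left out.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this sketch, not a figure from the article


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit key, the size AES-256 needs."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Derive the value sent to the provider for login.

    It is a one-way function of the vault key, so the provider can check a
    login without being able to recover the key that decrypts the vault.
    """
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode("utf-8"), 1, dklen=32)


def provider_verify(stored_login_hash: bytes, presented_login_hash: bytes) -> bool:
    """Provider-side check, using a constant-time comparison."""
    return hmac.compare_digest(stored_login_hash, presented_login_hash)


def enroll(master_password: str, iterations: int = ITERATIONS):
    """Client-side enrollment: returns (salt, vault_key, login_hash).

    Only salt and login_hash would leave the device; vault_key stays local.
    """
    salt = os.urandom(16)  # random per-account salt
    vault_key = derive_vault_key(master_password, salt, iterations)
    return salt, vault_key, derive_login_hash(vault_key, master_password)


def login(master_password: str, salt: bytes, stored_login_hash: bytes, iterations: int = ITERATIONS):
    """Re-derive the key on the device; return it only if the provider accepts the login."""
    vault_key = derive_vault_key(master_password, salt, iterations)
    ok = provider_verify(stored_login_hash, derive_login_hash(vault_key, master_password))
    return vault_key if ok else None


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    salt, key, stored = enroll("correct horse battery staple")
    print("right password unlocks:", login("correct horse battery staple", salt, stored) == key)
    print("wrong password unlocks:", login("Tr0ub4dor&3", salt, stored) is not None)
```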

 

Author: Patrick Kennedy
