The Good, Bad, and Ugly of Storing Passwords in Your Browser
Are you sacrificing password security for convenience? A lot of people do it; use the built-in password manager on their web browser. Why not? It’s an easy and convenient way to create and recall unique usernames and associated passwords for different accounts without having to remember them all. Visiting a member-only website or checking an account balance? Just click and the right data is populated in the login window.
For many users, a web browser’s password manager function is a step in the right direction over their previous method, that is, using the same username and password for every online account. But a web browser’s password manager is not as safe as it may appear – especially in business environments. In this article we’ll review the good, the bad, and the potentially ugly outcomes of storing passwords in your browser, and why a true password management solution is your best course of action.
The Good: The Upside of Storing Passwords in Your Browser
- Password management is already integrated into browsers. The most popular web browsers such as Google Chrome, Firefox, and Safari already have password managers built in. That means there’s no additional software to purchase and install, no compatibility issues.
- Syncs across multiple devices. If you use the same OS and web browser on your desktop, laptop, and mobile device, all the logins saved to the browser will be available to the authorized user on any device running the common OS.
- Auto-fill convenience. Go to a password protected website and the browser will correctly populate the login window without you having to look up and manually input character strings. It’s fast and eliminates data entry errors.
- Automatic password generation. Most web browsers are capable of suggesting strong passwords using a combination of random numbers, letters, and symbols when opening a new account, visiting a site for the first time, or changing an existing password.
It is this last feature that gives users a false sense of security in that they are creating unique passwords for each account. This is the trap of browser-based password management.
The Bad: The Downside of Storing Passwords in Your Browser
- Web browsers are not designed to be password managers. The password management function in a browser is an extension, an added feature. Sure, it’s better than nothing, but the password structure is usually fixed with no customization capabilities for length, symbols, or strength. Not on the internet? Then you can’t access your passwords.
- Browser password managers are as not secure. Unlike robust password management applications, most browser password managers do not support a master user password to encrypt and lock all the login data on the device.
- All passwords are vulnerable in a single browser hack. All it takes is one breach of a web browser to expose all the passwords stored for every account. If multiple devices are synced through the cloud, that’s more access points for hackers to exploit – and only one device needs to be compromised.
- Migration to another platform is difficult. After storing the data for dozens or hundreds of websites on a web browser password manager, moving to another browser (Chrome to Firefox), operating system (Windows to Macintosh or Android), or a dedicated password manager application can present compatibility problems when exporting data and may require painstaking manual data entry. Ditching your iPhone for a Google phone but keeping your Mac? Uh oh.
Now multiply these issues by the number of employees in your organization and you can see the risks of storing sensitive data in a web browser without any centralized control or rules.
The Ugly: Potential Outcomes of Storing Passwords in Your Browser
A browser password manager offers the bare minimum of protection; they are designed for convenience, not security. There is no way securely share passwords. That means employees are probably still jotting them down on Postt notes when a coworker asks for a password.
Can you be sure that every employee logs out of their web browser and locks down their device after every session? If an employee were to leave their PC unattended or lose their phone, for example, anyone can open the browser settings and steal login credentials for every website.
Now your company data is at risk, along with supply chain and customer information. Credit card and bank account numbers can be exposed. Employees may find they’ve been locked out of their email and social media accounts after their passwords were changed Is a ransomware attack coming?
Timely access control is critical for businesses where passwords are shared among multiple employees. Worker productivity suffers when time is wasted looking for passwords. The flip side of this is the inability to quickly revoke the access privileges of a employeeor after a round of layoffs. Conversely, if an employee who creates his/her own private passwords is unreachable, access to accounts and data may be permanently lost.
For these reasons, web browser-based password security will never be on par with what a dedicated password manager application can offer.
The Passpack Solution
Passpack is a professional service offering highly secure organization-wide password creation, management, and sharing for today’s small to mid-size businesses. Passpack surpasses the good, corrects the bad and the ugly outcomes of web browser password managers.
Passpack uses military-grade AES-256 encryption and is built on a zero-knowledge system architecture to alleviate the stress of users having to create, remember, share, and update an unlimited number of passwords. It provides the convenience of auto-fill while removing the risks of leaving confidential data in an unsecure web browser. Here’s how:
Totally secure. All data is stored on servers featuring zero-trust technology. Data is fully encrypted and only end users – not Passpack employees – have access to their data.
Master password. Each user creates a Master Packing Key, a personal encryption code to unlock data in their Passpack account known only to them. Even if a device is lost or stolen, all passwords remain secured.
Flexible password creation. Integrated password generator can be customized for the length, strength, and sharing of passwords. Add another layer of protection with two-factor authentication.
Secure password sharing. Create teams, easily share passwords, and manage permissions among trusted individuals for collaboration, or immediately revoke individual access upon termination.
Universal access. Passpack is platform–agnostic and stores an encrypted copy of data on every device, allowing users to access confidential information even when offline or using different platforms. So go ahead, get that new phone.
Save more than passwords. Track credit card expiration dates, store account and passport numbers, and organize all digital credentials in one centralized secure server.
The next time you visit a website and your browser prompts you to save the username and password, choose “No Thanks” and visit instead. Our mission is to provide an unmatched combination of password security and value. and see how easy and affordable it is to keep all your passwords safe with Passpack.