Save password in your browser? Thanks, but no thanks.

June 13, 2022

Lennert Hut

Online Marketer

In most browsers, when you enter a password, a pop-up appears offering to save it. Handy, because that saves you remembering password number 831. And let's be honest, password management isn't a hobby for most of us. IT engineer Ralf Wanninkhof warns about the risks of leaving this to your browser. "It's not a good idea to store your password there, because it's too easy for others to access," he responds. "It's much better to use a password manager."

That is partly due to the technology, explains Ralf. "The passwords are stored on your PC and they stay there. They are secured with encryption, but the level is not high enough. A little script kiddie can get on with it."

Logged in without a password manager?

But the main risks of saving passwords in browsers lie (surprise!) in the behavior of users. An annoying stacking effect makes it very risky to store passwords in the browser.

Ralf explains: 'First of all, there is the risk of using browsers in different places. While logged in, you can use your browser at work, at home, and many other public places. If you forget to log out of one of these places, someone else can access your accounts. And that is a place where often all kinds of sensitive data can be found and from which orders can be placed. For example, an order with Zalando that is delivered to a different address.'

To make it a bit more serious: 'In addition, a lot of passwords are leaked. This is called Password Stuffing, using leaked passwords to log in to other sites. This is why all passwords must be unique. This often doesn't happen now because we simply can't remember enough passwords.'

'Actually, we know the risk, but still. If you have left your browser open to the wrong one or if your password has been leaked, you can assume that it will be tried in more places', outlines Ralf.

Password manager: twice as secure

A password manager is the solution. A password manager puts an extra obstacle in the way to your stash of passwords. Its main weapon is Double Factor Authentication (DFA), or Two Way Authentication (TWA).

The password manager works independently, without using a browser. On request, the program generates very strong passwords of the kind 'F56tizL1>e!mq(*'. Passwords like these are impossible to remember, so they are stored and protected with a single strong password, which the owner remembers. This password gives you access to the database of passwords, but before you can get in you have to confirm the login in another way, for example with a confirmation from your mobile phone.

Once you have copied the password, the safe closes again and your data is protected with contemporary, high-level encryption. You only have to remember one password, and after use the door is locked again. That makes it easier and safer.
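What the paragraphs above describe, as an added Python example (not code from the original article or from any particular password manager): random password generation from the operating system's CSPRNG, and a vault that is unlocked by stretching one master password with scrypt. The function names, the symbol set, the scrypt parameters and the sample passphrase are assumptions of this example, and the phone confirmation step is not modelled.

```python
import hashlib
import hmac
import math
import secrets
import string
from typing import Optional

# Character classes and symbol set are choices made for this example.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&()*+-<=>?@"]
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 15) -> str:
    """Return a random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on the guessing entropy of a password of this length."""
    return length * math.log2(len(ALPHABET))


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into a 32-byte key with scrypt (memory-hard)."""
    return hashlib.scrypt(master_password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def create_vault(master_password: str) -> dict:
    """Create vault metadata: a salt and a check value, never the password or key."""
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, salt)
    return {"salt": salt, "check": hmac.new(key, b"vault-check", hashlib.sha256).digest()}


def unlock(vault: dict, master_password: str) -> Optional[bytes]:
    """Return the vault key if the master password is right, otherwise None."""
    key = derive_vault_key(master_password, vault["salt"])
    tag = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, vault["check"]) else None


if __name__ == "__main__":
    vault = create_vault("constructed master passphrase")  # constructed sample value
    print(generate_password(), round(entropy_bits(15)), "bits (upper bound)")
    print("wrong password unlocks:", unlock(vault, "guess") is not None)
```

Because the vault stores only a salt and a check value, someone who copies the vault file still has to run the memory-hard KDF once for every guess of the master password.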

IT makes work easier and clearer. With my colleagues at Aumatics I bring the world of IT to the forefront, understandable and practical. This way you get out what's in it (and it will probably make you just as enthusiastic as we are!) Do you have a tip or news? Can we help you?
