Save password in browser? Thanks but no thanks.

In most browsers, a pop-up offering to save your password appears when you enter one. Handy, because that saves you remembering password number 831. And let's be honest, password management isn't a hobby for most of us. But IT engineer Ralf Wanninkhof warns about the risks of leaving this to your browser. 'It's not a good idea to store your password there, because others can access it too easily,' he responds. 'It is much better to use a password manager.'

That is partly due to the technology, explains Ralf. 'The passwords are stored on your PC and they stay there. They are secured with encryption, but the level is not high enough. A little script kiddie can get on with it.'

Logged in without a password manager?

But the main risks of saving passwords in browsers lie (surprise!) in the behavior of users. The risks stack up, and that makes it very risky to store passwords in the browser.

Ralf explains: 'First of all, there is the risk of using browsers in different places. While logged in, you can use your browser at work, at home, and many other public places. If you forget to log out of one of these places, someone else can access your accounts. And that is a place where all kinds of sensitive data can often be found and from which orders can be placed. For example, an order with Zalando that is delivered to a different address.'

To make it a bit more serious: 'In addition, a lot of passwords are leaked. This is called Password Stuffing, using leaked passwords to log in to other sites. This is why all passwords must be unique. This often doesn't happen now because we simply can't remember enough passwords.'

'Actually, we know the risk, but still. If you have left your browser open to the wrong one or if your password has been leaked, you can assume that it will be tried in more places,' outlines Ralf.

Password manager: twice as secure

A password manager is the solution. It puts an extra obstacle between an intruder and your stock of passwords. Its main weapon is Double Factor Authentication (DFA), also called Two Way Authentication (TWA).

The password manager works independently, without using a browser. On request, the program generates very strong passwords of the kind 'F56tizL1>e!mq(*'. Passwords like these are impossible to remember, so they are stored and protected with a single strong password that the owner does remember. This password gives you access to the database of passwords, but before you can get in you have to confirm the login in another way, for example with a confirmation from your mobile phone.

Once you have copied the password, the safe closes again and your data is protected with modern, high-level encryption. You only have to remember one password, and after use the door is locked again. That makes it easier and safer.

Are your passwords for sale on the Dark Web? Request the dark web scan and we'll let you know right away (with advice for a more secure policy with a password manager…)
