CAI Managed IT Blog
Tip of the Week: Is Browser-Based Password Management Safe to Use?
Passwords are quite literally everywhere nowadays. With so much of modern life now controlled or held within user accounts, keeping your passwords both secure and straight in your head is crucial. Many web browsers now offer some built-in password management utility to help make this process more convenient for the user, but is this option available at the cost of security?
Let’s examine how secure each major browser’s integrated password manager is, as well as how to disable them if you so choose.
How Secure is Your Chosen Browser’s Password Management?
Let’s do a side-by-side comparison of the password managers now built into the major browsers on the market: Google Chrome, Firefox, Microsoft Edge, and Safari.
Tied to the user’s Google account, the password manager found in Google Chrome offers many of the features one would expect of a modern password manager. Not only is it itself protected by two-factor authentication, but it also offers the capability to generate a random password on the user’s behalf whenever they create a new online account. This password generation helps to prevent users from simply recycling the same password over and over which minimizes the chances of a single data breach undermining more than one account.
Whenever you access one of your accounts through Firefox, the browser will prompt you to save the username and password you used on that device where it can be viewed through your browser’s Options. From that point on, the credentials will be saved. The default setting for this capability is unfortunately insecure, but you can set a master password to protect its contents, making this the most secure option available to you.
Microsoft was late to the party concerning its password management, only adding the capability to its browser at the start of January 2021 to supplement its other security features. Among these features is Password Monitor, which helps to alert the user of breaches, as well as the capability to auto-generate a password when creating an account.
Rounding out our selection of browsers, Safari features a bundled password generator and management tool, enabling you to autofill your passwords into the websites you visit. Taking it a step further, contact info and credit card information can be saved, with all of it accessible on all your devices with iCloud Keychain. Of course, this platform is Apple-agnostic, and is relatively stingy compared to many third-party password management options, with no two-factor authentication available.
So, What’s the Most Secure Offering?
As a general rule, integrated password managers will do in a pinch, but the better option is to instead use a dedicated password manager. The reason that this is the case? Primarily: most integrated password management platforms don’t require the passwords they save to be all that secure. The opposite is usually true of your dedicated management programs, which also offer the convenience of generating sufficiently secure passwords at the click of the mouse.
We also recommend that you supplement your password security whenever available with two-factor authentication, in addition to many of the typical best practices we always recommend, including:
- Keeping your devices and browsers up to date to ensure security patches are installed properly.
- Avoiding websites without SSL certificates (which will simply have “http” in the URL, as compared to “https”) or using publicly-accessible Wi-Fi connections. This is noted with a little lock icon in your browser address bar.
- Being discerning about the browser extensions or software titles you enable.
How to Deactivate the Built-In Password Management in Your Browser
Each option provides its own means of disabling its integrated password manager:
In the Chrome browser, access the three-dot menu and select Settings. Under Autofill, click into Passwords and switch off Offer to Save Passwords.
In your Firefox browser, access the hamburger menu and select Options. Find Privacy & Security out of the options on the left and locate the Logins and Passwords section. Deselect Ask to save logins and passwords for websites.
In Edge, access the three-dot menu and click into Settings. From there, select Passwords and then deselect the option to Offer to save passwords.
In Safari, access the Menu and select Preferences. Accessing the AutoFill category, deselect everything: Using info from my contacts, User names and passwords, Credit cards, and Other forms.
If you’re looking for reliable IT solutions, along with the means to keep them secure, look no further than what CAI Managed IT provides. Learn more about what we have to offer by calling (800) 422-4782 today.