cover of episode Episode 7: 3 Reasons Why You Should NOT Save Your Passwords in a Web Browser

Episode 7: 3 Reasons Why You Should NOT Save Your Passwords in a Web Browser

2020/10/23
logo of podcast Cyber Security For All

Cyber Security For All

Frequently requested episodes will be transcribed first

Shownotes Transcript

Apetech Website: https://www.apetech.me/

https://anchor.fm/apetech/message

Email: [email protected]).

Twitter:  @apetechda

In this episode, we are going to talk about why you shouldn’t save your passwords to your browser.

If you use a modern browser such as Chrome, Firefox, or even Edge, then you’ve probably seen a little notification that pops up when you first log into a website.  It asks you if you want to save your username and password.  How convenient you think.  How awesome is this is probably another thought that crosses your mind.

While it can be a tremendous time saver have your browser store all those passwords for you, there are some serious drawbacks that I’d like to highlight in this episode.  If you have ever used your browser to store your username and password, you’ll want to stick around because we’ll be discussing some the biggest risks you have if you utilize that feature.

Okay, so I’m not going to lie.  I’ve used the feature on the browser that allows you to save your password.  It almost immediately pops up and whenever you change your password, it reminds you to update your stored credentials to match the new ones.  This is an amazing feature.  Best of all, it stores your unique passwords for each website.  Every time you come to the website, there it is, prefilled for you.  Life can’t get any better.  Except there are some issues with using this feature.  Let’s jump into it.

First, every password is saved on your one browser.  In order to see the list of all those passwords, all you need is the administrator password for your computer.  This one feature ruins it.  It doesn’t matter how safe, strong, and unique your password is. It doesn’t matter if you use a different username and password for every website.  It doesn’t matter if you update your passwords every 90 days.  None of that matters if only 1 admin password can show and expose all of your hard work.

With one password, an attacker can gain access to your entire catalogue of usernames and passwords.  In my opinion, this isn’t very safe.  You might be thinking, but I’m the only one that uses my computer.  Well, what happens when you sell or pass on your computer to someone else?  Do you take the appropriate precautions to wipe your computer clean?  What if you have your admin password written down and someone finds it in your house?  They then have access to every stored password.  Worst case scenario, you log into a public computer and save your username and password.

The next problem is that it makes you forget your password.  Because you never have to retype your passwords, your passwords are more likely forgotten.  Easy solution, write your passwords down. . . but then we are back to violating password safety guidelines.  I’ve met countless people that depend on the browser saving their passwords that they need to reset their passwords whenever they log in from a different device.  This then begins an endless loop of constantly having to reset your password because you forget what you change it to.  Then your previous browser still has the old one saved and the new password doesn’t work because you forgot it.  So then you update it in that browser and the cycle continues.

Moral of the story, if you can avoid it, please don’t use the browser to save your passwords.  It’s much more secure to use unique passwords that are long and easy to remember so you can avoid having to save them or writing them down.


Support this podcast: https://podcasters.spotify.com/pod/show/apetech/support)