Let’s be honest - not all of us have the best memories. This makes the ability for many browsers to remember our passwords seem like a godsend. However, is this capability actually a good thing for your cybersecurity? The answer may not surprise you.
While yes, the fact that we no longer have to remember each different password for our online accounts may seem ideal, relying on the browser to remember them for us presents a few issues. Each of these browsers leaves some kind of opening for a hacker to review a user’s list of passwords.
Google Chrome - When a user is logged into their Google account, Chrome will automatically save any passwords that user inputs. If a hacker was then able to gain access to that Google account, the entire list of passwords would be available to them.
Mozilla Firefox - Utilizing low-level encryption, Firefox hides a user’s passwords, utilizing a single master password as the encryption key. However, because this encryption has such a low level, a brute force attack can break it. Plus, if someone is in possession of the device itself, they can access the passwords without having to log in.
Safari - Just as is the case with Firefox, Safari stores all passwords in the browser’s settings, where they can be accessed without a login required.
Internet Explorer - When Internet Explorer saves passwords, all it takes to expose them is a readily available tool.
Microsoft Edge - Edge has had some security issues, such as a flaw that enabled hackers to read files that were browser-compatible (like the notepad files that some might keep a list of passwords in). In addition, some third-party password managers, like Edge Password Manager, have failed to require password authentication in the past.
Of course, there are other threats to your password security as well. For instance, a bug that dates back 11 years was discovered early this year that allowed website credentials to be stolen. A secondary form was hidden behind the login form, stealing usernames (which were often just the user’s email) and passwords without the user having any idea.
What Can Be Done?
Your first step should be to disable your preferred browser’s built-in password manager.
Google Chrome - Under the toolbar, select Chrome Menu, and from there, Settings. Scroll down until you can select Advanced, and from there, select Manage passwords (found under Passwords and forms). Finally, switch Auto Sign-in to off.
Mozilla Firefox - In the toolbar’s Firefox Menu, access Options. On the left, access Privacy & Security, and find Forms & Passwords. Find the Remember logins and passwords for websites option and deselect it.
Safari - Select Safari Menu from the toolbar, and then select Preferences and Autofill. Then you’ll need to deselect Using info from my Address Book card, Usernames and passwords, and Other forms.
Internet Explorer - First, you need to reconsider utilizing Internet Explorer, assuming your organization gives you a choice in the matter. If you must, you will want to access the toolbar’s Internet Explorer Menu and select Internet Options. From there, click into Content, and select Settings (found under AutoComplete). Deselect both Forms and Searches and User names and passwords on forms. Finally, save your changes by clicking OK.
Microsoft Edge - Again, from the toolbar, select Edge Menu and from there, Settings. Scroll down to find View advanced settings. Under Privacy and services, deactivate Offer to save passwords, and under Manage passwords, deactivate Save from entries.
We understand, remembering all of your different passwords can be a real pain, but relying on your browser to remember them just isn’t a good option. There are, however, services like LastPass that can store your passwords much more safely behind much more powerful encryption. While these solutions aren’t infallible either, they are a much better choice than entrusting your browser.
For more help managing your business IT and its security, give White Mountain IT Services a call at 603-889-0800.
- Tip of the Week: Awareness Is Important When Surfing the Web We all love the Internet. We all use it almost every day. For this week’s tip, we’ll review a few ways to help keep yourself from getting in trouble while browsing. Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewha...
- Could You Spot a Social Engineering Attack? As invaluable as the security solutions that protect a network are, they can be effectively rendered useless if a cybercriminal is skilled in social engineering. Social engineering is the practice of using manipulation to access protected resources, as we will review later. If your business and its ...
- Here’s How Companies Struggle with IT Security No business can be successful if it’s constantly suffering from data breaches. Therefore, you should take measures to mitigate the issues caused by these threats before they present themselves. Here are four of the biggest issues your business could face in the field of network security. Password...
- Help! My Staff Hates My Company’s IT! Fellow business owners, do you ever feel like you need to walk around on eggshells when it comes time to implement a new process or policy with your employees? Does it seem like your staff fights back tooth and nail when there is any technology change or IT restriction? You aren’t alone. More oft...
- A Brief Overview of Network Security The reliance the modern business has on its IT cannot be understated. As a result, to keep their computing network and infrastructure running efficiently, companies need to have a network and cybersecurity policy in place. With the development and use of organizational computer networks with multipl...
- FREE Printout: Dos and Don’ts of IT Security The following guide is designed to be used by business owners and office managers as an educational resource to establish some basic IT security best practices in the workplace. Feel free to print it out and hand it out or post it in common areas. You work on important things. Let’s all work togeth...