As your Chief Information Security Officer (CISO), I want to chat with you about something important: storing passwords in your web browser. When I speak with members of the Chapman Community, I often get asked if storing passwords in your web browser is a good idea. While saving your passwords there might seem very convenient, it comes with some risks. Using your browser’s built-in password manager can make your credentials vulnerable. So, before you rely on your browser to keep your passwords safe, let’s talk about why you might want to consider other options, such as a dedicated password manager.

Here are five key reasons to consider:

  1. Syncing across devices exposes passwords: When you save passwords in a web browser and enable syncing across multiple devices, it increases the risk of unauthorized access. This is because the passwords are stored in a centralized location that can be accessed from any device where syncing is enabled. If one of these devices is compromised, it can expose all the synced passwords to malicious actors. Additionally, syncing often involves transmitting data over the internet, which can be intercepted if not properly encrypted.
  2. Shared device access risks: When multiple people use the same device or a hacker gains access to it, the stored passwords can be easily extracted. This is because web browsers often store passwords in a way that can be accessed by anyone using the device. If the device is shared among family members, colleagues, or friends, there’s a higher chance that someone might inadvertently or intentionally access the saved passwords. Additionally, if a hacker gains control of the device, they can use various tools and techniques to extract the stored passwords, putting your credentials at risk.
  3. More identifiable information in one place: Web browsers collect various personal data, such as browsing history, cookies, and saved passwords. When all this information is stored in one place, it increases the potential risks if a breach occurs. If a hacker gains access to your browser, they can obtain not only your passwords but also other sensitive information that can be used to track your online activities, steal your identity, or launch further attacks. This concentration of data makes web browsers a lucrative target for cybercriminals.
  4. Weaker encryption than dedicated password managers: Many browser-based password managers lack multi-factor authentication and strong encryption methods, making them easier targets. On the other hand, dedicated password managers often employ robust encryption algorithms and offer additional security features such as multi-factor authentication, which significantly enhances the protection of your credentials. By relying on browser-based password managers, you may be exposing your passwords to potential vulnerabilities due to weaker encryption standards and the absence of advanced security measures.
  5. Susceptibility to password-stealing malware: Cybercriminals use malware to extract saved passwords from browsers, increasing the risk of credential theft. Malware is malicious software designed to infiltrate and damage computer systems. When it comes to password-stealing malware, these programs specifically target web browsers to harvest stored credentials. Once the malware is installed, it can scan the browser’s storage for saved passwords and send them to the attacker. This type of malware can be distributed through phishing emails, malicious websites, or infected software downloads. By relying on browser-based password management, you may be exposing your credentials to these types of attacks, which can lead to unauthorized access to your accounts and sensitive information.

To keep your credentials safe, I recommend using a dedicated password manager with stronger encryption and better security features. Relying solely on browser-based password management can leave you vulnerable because of its security shortcomings.

As always, if you suspect something, report it to abuse@chapman.edu.

Stay safe, stay vigilant!

Keith Barros, Chief Information Security Officer (CISO)

Chapman University