Why You Should Never Store Passwords in Your Browser

Password: 123456. No matter how many times they warn us, a lot of users still use similar passwords to ‘secure’ their accounts. If you’re one of them, please stop because you’re putting your online security at risk. What you need is a strong, unhackable password that will give snooping eyes a hard time trying to decipher it. But the problem with complex passwords is that they are hard to remember. Besides, it’s very inconvenient to input your security code every time you wish to enter your accounts.

Never Let Your Browser Save Your Passwords

Never Let Your Browser Save Your Passwords

That is why we resort to the “Ol’ reliable” save password feature that our browsers offer. Then, you enter your password once, click yes when your browser asks if you want to save it, and Voila! It’s smooth sailing from there on out. But easy and reliable have completely different meanings. And though it may seem convenient to let your browser memorize your code, it is not at all secure.

Get ExpressVPN

Top Recommended VPN

30-Day Money-Back Guarantee

Why Strong Passwords Are a Must

Your first and sometimes only line of defense against hackers is your password. That is why you must use a strong one to secure your account. So don’t take your password for granted and please don’t try to be funny like this user:

I changed my password to “incorrect” so whenever I forget what it is, the computer will say “Your password is incorrect.” 

Let’s hope our friend here isn’t serious.

I know you might think that you’re just an average Joe and no hacker would want to breach into your account and steal your data. But that’s where you’re wrong. Cybercriminals get a kick out of accessing other people’s accounts, even random ones. Sometimes, their main objective is to hack into your data and show it off to your face.

Therefore it’s essential not to take any risks and create a good old fashioned fortress of a password.

How to Create Strong Passwords

With so many must-have applications that are available today, it’s kind of hard to keep track of the different passwords that you have. It’s also hard to remain creative. Facebook, Instagram, Twitter, Netflix, Gmail, and LinkedIn are just some of the apps that people have on their devices. That’s six different passwords.

Therefore, it’s easier to use a password generator like passwordgenerator.net or bestpasswordgenerator.com. The VPN Guru’s Password generator, for instance, will create a strong password (16 characters) with at least one number, one symbol, and one uppercase letter for you.

Copy to the Clipboard Copied! Regenerate a new Password
  Share   Tweet

And if you don’t feel safe taking a password suggestion from a stranger, you can always come up with one yourself and check for its strength using a password strength meter.

Strength Meter

And before you start thinking, “Why don’t I use the same password for all my accounts?“, let me stop you right there. Using one password for multiple apps is a terrible idea because if someone manages to get their hands on it, they’ll have access to all your accounts.

Why You Shouldn’t Allow Your Browser to Save Your Password

I’ll be the first one to admit that I used to allow Internet Explorer and Google Chrome to save my passwords. It was a very suitable solution as it allowed me to enter my credentials just once, and then my browser would do the rest. But then I learned about all the security risks that accompany this feature, and I immediately deleted my saved passwords.

Did you know that if you’re using the Linux OS, Chrome allows users to access your saved sign-ins without as much asking for a password or identification code? Even Firefox doesn’t ask for authentication unless you enable the Master Password feature. But if it’s turned off, anyone can simply click on view passwords and eureka! There they are. At least on Windows and macOS, Chrome asks for verification.

However, hackers can still bypass any procedure and view your saved passwords. They can either use an online password reset tool to reset your password, enter a new one, and access your data.

Or they can also change the coding of the page to unhash the password so that it is readable when you type it.

  1. Press right-click in the password field and select “inspect.”
  2. Double-click where it says type=”passwordthen change the word “password” to “text.”
  3. Now, whenever you type in your password, it will visible in plain text instead of being hashed.
  4. Therefore, if anyone is lurking or monitoring your device, they can read your password.

What if your device gets stolen?

Just imagine if someone steals your computer or smartphone. If your devices are unlocked, that person will have access to all your accounts and passwords that your browser has stored. In case someone steals your phone, tablet, or laptop, you need to:

  • Lock your device and/or erase data remotely: The minute you find out that you’ve lost your device, and that there is no hope of recovering it, you need to secure it remotely. iOS and macOS have the Find My iPhone and Find My Mac features, but you’ll need to activate them before your device gets stolen. If enabled, these features will lock your device so that no one can access them without your Apple user ID and password. Both options also allow you to remotely erase sensitive data.
    Android users have a similar feature as well called Find My Device, except this one is an app that you must install before your device gets stolen. You can use your Gmail details to log in to google.com/android/find and click Secure Device. You’ll then be able to set a new password to lock your screen. You can also erase all the content from your device.
  • Change passwords: Immediately change the passwords to all your accounts, especially banking, just in case someone manages to crack them.
  • Contact your bank: It is best that you call your bank and cancel your debit and credit cards. If your online banking account information is saved on your device, the person who stole your phone can use it and go on a shopping spree.

Hackers alert

If you’re an Internet user, that automatically makes you a target for hackers. And if they manage to infiltrate your computer, they’ll be able to see all your saved logins and passwords. If you suspect that a cybercriminal has somehow infiltrated your data, you can visit websites like haveibeenpwned.com or DeHashed.com that tell you if your account has been hacked.

Nosy roommates or siblings

Sharing your house/apartment with a sibling or roommate? Well, these guys can put their noses in your business. And if you share the same computer as my brother and I did, you’d want to keep your data private. Therefore, don’t save your password so that no one else can automatically access your accounts. 

Out of sight, out of mind

American minister and author Norman Vincent Peale used to say:

“Repetition of the same thought or physical action develops into a habit which, repeated frequently enough, becomes an automatic reflex.”

But if you stop typing your passwords and let your browser fill them in for you, you’ll soon forget all about them, especially if they are complicated. You can always click on the “I forgot my password” button and create a new one, but it’s very annoying and time-consuming.

How to Stay Safe Online

The only person who is supposed to see or know your password is you. So make sure you take the matter seriously if you want to guarantee your online security.

  • Create a secure password: As I mentioned before, you must have a tough-to-crack password. That’s why it must include symbols, numbers, and capital letters. A password generator can help you with that.
  • Regularly change your password: Every tech expert will tell you that it’s better to change your password every once in a while. And you better take their advice, just in case someone figured out your code.
  • Use a password manager: Since we all have dozens of apps installed on our devices, it’s better to use a password manager to store all of them. This tool provides an extra layer of security as it forces you to submit a password to access it. And NEVER allow your browser to store your passwords.
  • Two-factor authentification: 2FA or two-factor authentification is an extra layer of security to your device. By enabling this feature, a password won’t be enough to access your accounts; you’ll also need a unique code. This code is sent to you via text message or email, and you’ll need to type it in after you enter your password to access your device or account.
  • Connect to a VPN: Do you use public WiFi a lot? If you’re always hanging around in cafes, the most secure thing to do is connect to a VPN service. Public connections offer no encryption whatsoever, and they are very easy to hack. Even an amateur hacker can view your data and credentials. But the VPN will encrypt your traffic and prevent anyone from monitoring your online activity. I recommend the one I always use: ExpressVPN

What to Do If Your Password Is Stolen?

Sometimes, you can take all the vitamins you want and still end up catching a cold. So if you follow all these steps and your password gets stolen somehow, read this guide and take the necessary action.

Don't Allow Your Browser to Store Your Passwords

Don’t Let Your Browser Store Your Passwords

Don’t Save Your Passwords on Your Browser – Final Words

Allow me to conclude with the wise words of Chris Pirillo, founder and CEO of LockerGnome:

“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.”

Did this article convince you to delete your saved passwords? Or would you rather risk your online security for easy access? Tell us what you think in the comment section below.

Add a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

as-seen-on