Why you shouldn’t save passwords

Many browsers offer to save entered passwords. It is handy. But is it also safe? Here’s what to keep in mind when using the feature.


Working, shopping, looking things up, keeping in touch with friends: anyone who does a lot online should secure their accounts with different, hard-to-crack passwords. Many browsers offer a convenient aid here: login details can be saved with one click, so you don’t have to enter them again on your next visit. But is it really a good idea to entrust your credentials to the browser?

What happens if you save passwords in the browser?

Christian Lueg of the IT security company ESET has a clear opinion: “In general, we don’t recommend saving passwords directly in the browser,” he says. It does not matter whether the browser stores the data encrypted in the cloud or locally on the user’s hard drive.

“The problem is that the passwords on the device are partially decrypted,” says Lueg. “This means that anyone with access to the device can easily read the data.” For example, other users using the same computer can use the browser’s export function to display all saved credentials in plain text.

Apple’s Safari browser is an exception: all passwords are stored in a central, system-wide password vault, the Keychain. This data cannot actually be read without a password. By default, the device password (Mac) or the unlock PIN (iPhone / iPad) must always be entered before credentials are filled in automatically. Alternatively, you can use your fingerprint (newer Macs / older iPhones) or Face ID (newer iPhones / iPads).

BSI warns against data breaches

Windows does not have such a central password vault. If a PC is used by multiple people, the Federal Office for Information Security (BSI) recommends setting up multiple user accounts in the browser that restrict access to personal information.

Nevertheless, risks remain, the BSI warns: “Password managers integrated into the browser make it easier to handle passwords, but have the disadvantage that the stored access data can be extracted relatively easily by malware and thus misused by an attacker,” a spokesperson said in response to a query.

What Users Should Do Now

Anyone who has already saved their passwords in the browser can delete them manually. In both Google Chrome and Firefox, the password settings can be found in the “Privacy and security” menu. The BSI recommends deactivating the “Save passwords” function for the future or at least taking additional security measures.

For example, Mozilla Firefox offers the option of protecting saved credentials with a master password using the integrated “Lockwise” password manager. Only those who know the master password can access the passwords.


According to IT security expert Lueg, users can also use two-factor authentication (2FA) to prevent unauthorized persons from logging in to their accounts with “stolen” passwords.

The safer alternative: password manager

As a safe alternative to browser-based solutions, all experts recommend the use of so-called password managers. These also spare users the constant typing of their email address and password, and the passwords are usually stored more securely than in the browser. Depending on the software and provider, the data is stored encrypted either in the cloud or locally on the user’s computer.

A master password or a physical key protects the password store from unauthorized access. To log in to websites, a keyboard shortcut is often sufficient; it transfers the login data from the software to the browser window.

A safe in the cloud

A password vault in the cloud has the added advantage that the user can access it from all devices and platforms, so it does not depend on a specific browser. However, these services often cost money. Here you can see which free service Stiftung Warentest recommends.

Security expert Lueg also swears by a password vault in the cloud. In the beginning, the operation took some getting used to. But after a short while, the services are almost as easy to use as the browser functions – and much more secure at the same time.
