Why saving passwords in your internet browser is a bad idea.

Why saving passwords in your internet browser is a bad idea.

I get it, I really do. As a Virtual Assistant, I have to look after so many passwords for clients and for myself, and in order to do so, I have to make sure that they are as safe as they can possibly be. And for that reason, I use a password manager. But not all password managers were created equal, and some are more susceptible to hacking than others, particularly internet browser password managers – so where do you even start?

I was chatting to attendees at a networking event the other day, and I asked them how they deal with the many passwords we all have to cope with nowadays. The answers varied; some were in a book, others on a spreadsheet, a few used a stand alone password manager, but the most common answer was “I get my browser to remember them, and then I don’t have to worry about them.”

Unfortunately, despite their appeal, desktop web browsers are not doing a great job of securing your precious passwords, bank details or personal information. In fact, they are the most commonly and easily hacked software out there. Even legitimate software can extract your personal details and information from them.

Over the last few years, a nasty little malware called RedLine has been doing the rounds, stealing passwords and other sensitive information from browsers such as Chrome, Firefox, Opera, MS Edge and more. This malware collects information on you and hides in your system, pretending to be a Windows programme.

Likewise, there is a similar malware that attacks Mac browsers called XLoader.

Even more concerning is that if your desktop web browser automatically fills in form fields with your personal data and saved passwords — and many will do this automatically — then websites can read those auto-filled details without having to do anything to your computer.

Worried? Well, without wishing to stress you out – you should be! By stealing your passwords and personal information, you can be scammed, hacked, your bank accounts can be cleared, and your identity stolen. And if you are looking after other people’s passwords in this way, you need to seriously think about changing the way you store them.

So, how do I store my passwords and sensitive data safely?

Instead of using your browser’s password managers to save your passwords or pre-fill form details, you should look at using a standalone password manager, particularly if it is anything to do with banking, accounts, shopping, emails, social media or personal information. And once you have done this, you should delete any saved information in your browser.

A good standalone password manager will also pre-fill your login details, save details as you log in and supply you with other security measures, such as strong passwords and advice.

There are lots out there; you may have heard of some of them, LastPass, 1Password, Bitwarden, Dashline, and KeePassXC, to name but a few. Some are free, some have a small cost, but all have multiple layers of protection in place to secure your information.

How do I stop my browser automatically saving my passwords in future?

In order to stop your browser automatically saving passwords, you will need to change the settings. Each browser is slightly different, but here are a few settings to help you on your way…

Google Chrome: Settings > Advanced > Autofill. Turn off “Offer to save passwords”.

Mozilla Firefox: Settings > Privacy & Security. Scroll down to “Logins and passwords” and untick “Ask to save logins and passwords for websites.”

MS Edge: Settings > Profiles > Passwords. Turn off “Offer to save passwords.”

Opera: Settings > Advanced Settings > Autofill > Passwords. Turn off “Offer to save passwords.”

How do I stop my browser auto-filling logins and forms in the future?

Google Chrome: Settings > Autofill. Turn off “Auto Sign-in”.

Mozilla Firefox: Settings > Privacy & Security > Scroll down to “Logins and Passwords”. Now untick “Autofill logins and passwords.”

MS Edge: Settings > Profiles > Passwords. Annoyingly Microsoft Edge won’t let you switch off Autofill. However it will ask you for the device password (to your Windows account login) before auto-filling. If you opt to log in to your Windows account then you can choose whether to always ask for a password or only ask for it once per session.

Opera: Settings > Advanced Settings > Autofill > Passwords. Turn off “Auto Sign-in.”

How do I delete saved passwords on my browser?

Once you have chosen and set up your new Password Manager, it is really important that you delete your existing passwords from your browser.

Google Chrome: Settings > Autofill. Click on the three dots next to each password entry, then select “Remove.”

Mozilla Firefox: Settings > Privacy & Security. Scroll down to “Logins and Passwords” and click on “Saved Logins.” You will see a new tab called “Firefox Lockwise” that lists all your saved passwords. In the upper right-hand side of the tab, click the three dots and select “Remove All Logins.”

MS Edge: Settings > Profiles > Passwords. Click the three dots next to each password entry, then click “Remove.”

Opera: Settings > Advanced Settings > Autofill > Passwords. Click the three dots next to each password entry, then select “Remove.”

Safari: Safari (Menu Bar) > Preferences > select Passwords tab. You will have to enter your macOS password or use Touch ID to see the tab’s contents. Once you’ve done that, you can select each password entry separately or shift-click to select multiple entries. Now click “Remove” at the bottom left-hand side of the window.

Some final top tips:

When choosing a standalone password manager, make sure it meets with GDPR compliance and the Data protection regulations.

Try not to duplicate passwords; there is no excuse once you are using a password manager as you don’t need to remember them anymore, and most good password managers will tell you if you have two passwords the same. They can create secure passwords for you.

If you are using public Wi-Fi, you can keep your data safe by using a VPN to stop people accessing your data via the network and seeing your details.

If you are not sure about which Password Manager to use, I’m always happy to have a chat about your options and how to set them up. Do get in touch.

by Gwen Backhouse
Curlew Secretarial Solutions

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.