Q: Is it safe to have my browser save passwords?
This question illustrates the ongoing challenge we all have to face when it comes to balancing convenience with security.
Having your passwords stored in your browser is certainly a big convenience, but no matter how you look at it, the price you’ll pay is some level of security.
If you never save a password in your browser, technically speaking it’s certainly safer, but what you really need to do is weigh the actual risks against the convenience.
How and where you use your computer should also be a consideration as a laptop, smartphone or tablet is much more likely to be lost or stolen then a desktop computer in your home or office.
Saving passwords on your home computer that only you use is far safer than saving passwords on a mobile laptop that your whole family shares.
Saving passwords on benign sites that contain very little personal information is also less of an issue than saving passwords for any of your financial institutions.
Every major browser offers some form of encryption that securely stores the saved passwords on your computer, but we don’t really know exactly how hackable their security may be.
The reality for most of us is that we’re a lot less likely to be the victim of a hacker that’s specifically targeting saved browser passwords then we are to be the victim of theft or a lost device.
A stolen device loaded with a plethora of saved passwords is a cyber-thief’s dream, so it’s imperative that you setup some form of access code and auto-locking feature to reduce the potential damage should it go missing.
Installing some form of remote tracking and deletion software, such as Prey Project, on all your mobile devices is also a good idea, whether you’re saving passwords on them or not.
To sync or not to sync
Another convenience feature you’ll have to decide whether to use or not is the browser syncing option.
Syncing allows you to share your browsing history and passwords across all your different devices, but in order for it to work, your information has to be stored by the browser company on their servers.
Once again, they offer various levels of encryption and with the exception of one company, Opera, we’ve yet to hear of any breaches of this particular secured data, but you’ve technically added another way to be exploited.
For its part, Google has created a central place that allows you to manage what passwords the Chrome browser saves, which you can also password protect separately with a sync passphrase at passwords.google.com.
A better way
Security experts all tend to agree that if you’re going to use software to store your passwords, using a dedicated password storage tool such as LastPass, KeePass or RoboForm is more secure than using your browser to store your passwords.
Products that focus solely on protecting passwords instead of relying on browser developers that have to focus on many other things besides security should provide you with a better layer of security.