Secure My Stuff Now

Simple Advice to Secure Your Life

Simple home and digital security advice to secure your life

Are web browser password managers safe to use?

by

browser based password managers

With the growing number of online accounts, remembering all your passwords can be a daunting task. That’s where password managers can not only come in handy but become essential. I don’t know about you, but tracking, organising and securing my hundreds of passwords is overwhelming. A password manager takes that responsibility on for you. And for a while now, web browsers have offered to save and store our passwords for us. Their function and security have improved considerably over time. But are web browser password managers safe to use?

What are Web Browser Password Managers?

Most major web browsers now have password managers built in to help you keep track of them. These Password managers are secure applications that store and generate unique passwords for each website or service you use. They also allow you to easily sync your credentials across multiple devices so that you can access them wherever and whenever you need them when using that web browser.

Trending
How To Choose The Best Padlock To Secure Your Stuff

With these tools, it’s easier than ever to protect yourself from unauthorized access to your data and accounts without having to remember hundreds of complex passwords.

What are the benefits of browser-based password managers?

There are some clear benefits to using a web browser-based password manager. These include:

No extra downloads

Unlike third-party password management utilities, you won’t need to download anything extra. It’s all there waiting for you in your web browser.

Generate passwords

These password managers will generate secure, unique passwords for you. No more using the same password or a variation of it!

Synced autofill for logins

With a few simple clicks, your passwords will be securely synced to all of your devices. No more worrying about forgetting them – when you sign into any browser on any device, the passwords are already there for you!

Free

Free is great, isn’t it? You don’t have to pay a single penny for these integrated browser-based password managers. They come built-in with the browser, which of course is free too.

Secure encryption

Your stored and synchronized data is secured by the very same two-factor authentication protocols and encryption that you’re already familiar with from your email, cloud storage, and device security.

Which browser has the best password manager?

Nowadays, all of the leading web browsers offer a password manager with encryption to ensure your data is protected. However, there are certain differences between Safari, Chrome, Firefox and Edge in terms of their functionality.

Apple’s Safari

If you use only Apple products, then Apple’s iCloud Keychain is the most obvious choice for you. Safari’s password manager, pre-installed on all Macs, iPhones and iPads, requires an iCloud account to use. If you already own any of these Apple products then chances are that you have one set up already!

Google Chrome

Not loyal to one operating system? Google’s password manager works wherever you use the Chrome browser. Chrome doesn’t care if you’re on an Android, Windows, or iOS device. Google offers Chrome apps for all operating systems.

Mozilla Firefox

Those who are vigilant about protecting their online privacy routinely rely on Mozilla Firefox as their go-to browser. This is because the company behind Firefox, Mozilla, is a non-profit enterprise whose foremost goal is to ensure your digital security.

The Firefox browser offers a comprehensive password manager and syncing capabilities across several operating systems. All you need to do is create an account with Firefox, and enable its Sync feature and your passwords will be saved securely and effortlessly shared between devices. Unlike Google, Microsoft or Apple accounts which are linked to other services like emails or cloud storage, your Firefox account will remain unconnected from any external third-party service!

Microsoft Edge

Are you already a Microsoft account holder? If so, Edge’s password manager is the most convenient. Enable sync and all of your stored passwords will be easily accessible in the Edge browser on any device that has been logged into with your Microsoft account.

What is the best browser password manager?

Ultimately, your choice of browser password manager will be based on the operating system and online services you use most. But the two with the standout features are Chrome and Firefox because as you see from the table below, both offer two-factor authentication AND a master passphrase feature. These will greatly enhance the security of your data on your device.

What are the disadvantages of browser-based password managers?

Why wouldn’t anyone want to use these password managers built into Chrome, Firefox, Safari or Edge? The list of disadvantages is shorter, but these factors are worth considering:

Limited to a single browser

The most obvious drawback is that browser-based password managers don’t work with alternative browsers. If you routinely switch between browsers on different devices, you’ll find yourself frustrated when you change a password on one device only to discover days or weeks later that your secondary browser is now offering an outdated set of credentials.

If you’re a Chrome user utilizing its password manager, then your login credentials will be synced across all of your Google accounts. Unfortunately, this information isn’t accessible in other browsers such as Firefox and Edge- it can only be found within the confines of Chrome. Furthermore, if you opt to use auto-generated passwords that are long and random (which we highly recommend!), then there’s no way for you to recall them without actually logging into Chrome first.

Basic features

Although browser-based password managers may be free to use, their features pale in comparison to those offered with paid alternatives. Although these programs have become more competitive by introducing alerts for users who had a data breach and allowing them to store addresses and credit card numbers quickly; they still lack other interesting features that can only be found when using paid services. Some of these missing features include:

No secure notes / storage

You won’t be able to store other private information like notes or files in your web browser’s password manager, unlike a dedicated password manager from a third party provider.

Cannot securely share passwords

It’s impossible to securely share your passwords with family/friends using your browser’s password manager. This feature is typically present with paid password managers from third parties.

Lacking folders and organisation

Password managers like those of 1Password, LastPass, keeper, DashLane and RoboForm will let you organise your passwords into things like folders. This make managing your passwords easier, a feature not present with browser password managers.

No dark web monitoring

You won’t know if your passwords have been accessed via a security breach. There are features called dark web monitoring with paid password managers that monitor the dark web for data breaches and alert you when your passwords or private, sensitive information show up where they shouldn’t!

No option for audits

Again, another feature you will miss out on is password auditing. This is often provided by paid password managers. They will assess your existing passwords and identify weak passwords, reused passwords , are

Should I use a browser-based password manager?

I believe the biggest advantage of browser-based password managers is their convenience. We all use browsers. In fact, much of our work these days is conducted on browsers. We store and edit documents in cloud services like Google Drive or Microsoft’s OneDrive. We surf the internet, log in to accounts, conduct banking transactions, buy and sell stuff, and interact with people on social media, all from web browser interfaces. So, it makes sense to have passwords managed within that same browser. It is incredibly convenient.

Convenience vs Security

But I believe our desire for convenience is also one of the greatest threats to our privacy and freedoms in our modern world. And that is why I would caution against browser password managers.

Technology is awesome. One of the greatest benefits is the time-saving it offers. And much of that time savings is granted through convenience. But it does come with a trade-off. And each person has to make a decision about the price they are willing to pay for that convenience.

Opting for random password generation in your browser is a huge upgrade from reusing weak passwords. If you’re using either Chrome or Safari and have an Android/iPhone respectively, accessing those stored passwords on many of your mobile apps can be effortless.

But in using a web browser password manager, you are tying your passwords to your account with that company. These companies are in the business of capturing and using data for profit. So, I think it’s worth thinking about whether you want your confidential data stored on their servers, with them as gatekeepers. There’s been no known compromise of the private data of account holders, it is worth a word of caution.

My biggest concerns with using a browser-based password manager

But beyond the issue of handing your data over to a major corporation to store and secure, there are some more immediate concerns I have.

Web browser password managers are only as secure as your device is

The first is, a user must be aware that the safety of their passwords on that web browser password manager is only as secure as the device on which it is used.

Many people blindly trust the default settings of a password manager to secure their data. But, there are risks you should understand and steps you should take to further secure your passwords on web browsers.

Understand that anyone that has access to the device can gain access to the browser. And if two-factor authentication isn’t turned on, or a master password hasn’t been set, then your passwords are at risk.

The backdoor security flaw of all web browser password managers

Secondly, there is an even more sinister problem with all the web-browser password managers. While the passwords are encrypted on your machine with suitable levels of encryption, like AES 256-bit SSL/TLS, these browsers store the key used for encryption in easily accessible, unsecured folders on your computer.

Anyone that has access to your computer, including via malware, could drop a script that extracts the key and decrypts your “secured” passwords.

You can see how simply this is accomplished here.

That’s why you should also consider adding other weapons to your security defence, such as VPN and antivirus. And, that is why I also recommend using third party password managers.

Why you should use a third-party password manager instead

As already mentioned, in addition to built-in password managers, there are also third-party password managers. These tools offer more robust capabilities and stronger security protocols. I personally believe these make for a more reliable password manager. Plus, as I outlined previously, they come with a greater set of useful features such as password audits, dark web monitoring, family sharing and secure storage for sensitive files.

These applications have often been developed with the highest levels of encryption, multi-factor authentication, and other technologies to provide an extra layer of protection for your data and accounts. Notable password managers are DashLane, LastPass, 1Password and Keeper. Yes, they are paid services, but a paid service also offers some degree of customer assurance and service. There are also some decent free password managers.

While these solutions may cost a bit more than the free built-in password managers, they can offer greater peace of mind when it comes to securing your online presence.

All of these password managers, whether browser-based or from a third-party provider, provide some form of cloud based password manager. Third party options will often also combine offline options with the cloud. However, I understand that some folks are concerned about password security and reliability with cloud services, and there are indeed some offline password manager alternatives.

The Final Score: Are browser-based password managers safe?

In the final analysis, I believe that third-party dedicated password managers offer more robust security. And they come with a long list of helpful features too. So you may want to check out LastPass, Keeper, DashLane or 1Password. But, a web-based browser can be a good start to secure your passwords. The two best ones would be Chrome and Firefox. Just make sure you turn on two-factor authentication and the master password feature to secure your passwords. And then ensure you secure your device with 2FA as well. It’s also wise to add further layers of security via antivirus and a good VPN to ensure your data is further protected.More people are turning to secure email services to prevent leaks of personal data too. Be smart and stay safe.