Today I visited a website in the Chrome browser, and after completing registration and login on that website, the browser prompted me: "Hey man, can I get permission to remember (save) your login details?" As usual, my cerebrum got activated and started thinking about whether I should click the Allow button or not.
Is the browser, whose major job is browsing and which is not a password manager, really capable of saving my password? I asked my brain this question.
My brain replied: hey duffer, you are seated in front of a computer screen, and on that computer the browser is there to answer your query, so go ahead and search for it.
After exploring this topic, I got the following information.
Password managers built into browsers are primarily there for convenience, and security plays a lesser role. The reason for this decision is that regular users are more easily convinced to use a system that is convenient for them, rather than a system that is more secure, but harder to use.
Pros of using it:
You already have it. Everyone uses a browser these days, and all major browsers come with built-in password managers. This means that from a regular user's point of view, the barrier to entry is incredibly low.
It discourages password reuse. People dislike remembering passwords, so they certainly won't remember one password per site. If the browser automatically suggests a strong password upon registering, then the user will not be tempted to reuse an existing password for it. Furthermore, the passwords suggested by the password manager will likely not be cracked by any attackers, should hashes ever be stolen.
Cons of using it:
It doesn't defend against local attacks. Attackers who have access to the user's computer (think jealous girlfriend, not government agency) may be able to get the passwords rather easily. With access to the browser, for example when a user forgot to lock their computer, all passwords can be read out in a matter of minutes.
It should be noted that local attacks are not something every user is concerned with.
Someone could potentially hack into your Google account, sign into Chrome, and also get access to all your passwords.
There's no "master password" (outside of your OS password) to protect them if someone should get logged-in access to your computer.
On Linux, Chrome will allow users to view saved logins, even without requiring a user password (unlike on Windows and macOS, where a user password is required). Firefox, on the other hand, gives instant access to those passwords, without authentication, regardless of platform (unless a master password is set). Like Chrome, Safari at least hides passwords behind a user's password.
How to get the browser's saved passwords without knowing the OS password of the device.
However, even on the Windows and macOS operating systems, there are ways around the password prompt. For example, using the Inspect Element window of a browser, you can edit the code of a page in such a way that it unmasks a user password (the field only hides the characters on screen; it does not hash them). To do this:
- Right-click the password field on a website.
- Select Inspect Element.
- Double-click on type="password", and replace password with text.
- Hit Enter, and close the Element Inspector. The password will be unmasked, revealed for all.
Saving passwords for less important websites is OK, but saving the passwords of banking websites, social media websites and other such important websites will be dangerous for you.
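A defensive audit that follows from this advice, as an added example (not part of the original post): Firefox keeps each saved login's site in clear text in the profile's logins.json, so you can list which high-value sites have credentials saved in the browser without decrypting anything. The sample data and the keyword list below are constructed assumptions.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in the shape of a Firefox profile's logins.json.
# Site names and timestamps are readable; the credentials are encrypted blobs.
SAMPLE_LOGINS_JSON = """
{"logins": [
  {"hostname": "https://forum.example.org",
   "encryptedUsername": "<blob>", "encryptedPassword": "<blob>",
   "timePasswordChanged": 1577836800000},
  {"hostname": "https://bank.example.com",
   "encryptedUsername": "<blob>", "encryptedPassword": "<blob>",
   "timePasswordChanged": 1577836800000},
  {"hostname": "https://social.example.net",
   "encryptedUsername": "<blob>", "encryptedPassword": "<blob>",
   "timePasswordChanged": 1579564800000}
]}
"""

# Hypothetical keyword list: which sites count as "important" is your call.
# Substring matching is deliberately crude; review the output by hand.
SENSITIVE_KEYWORDS = ("bank", "social", "mail", "pay")


def audit_saved_logins(raw_json, keywords=SENSITIVE_KEYWORDS, now=None):
    """Return (host, matched_keyword, password_age_days) for sensitive sites."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for entry in json.loads(raw_json).get("logins", []):
        origin = entry.get("hostname", "")
        host = urlsplit(origin).hostname or origin
        hit = next((k for k in keywords if k in host.lower()), None)
        if hit is None:
            continue  # low-value site: convenience may outweigh the risk
        changed_ms = entry.get("timePasswordChanged")
        age_days = None  # unknown when the store has no timestamp
        if changed_ms is not None:
            changed = datetime.fromtimestamp(changed_ms / 1000, tz=timezone.utc)
            age_days = (now - changed).days
        findings.append((host, hit, age_days))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    for host, keyword, age in audit_saved_logins(SAMPLE_LOGINS_JSON):
        print(f"saved in browser: {host} (matched '{keyword}', age {age} days)")
```

Sites it reports are candidates for moving into a dedicated password manager and deleting from the browser's store.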
BeSafeBeAware
:<)
Top comments (12)
If anyone wants to know what they should use instead, I recommend Bitwarden. It is open source, has a good free tier, and premium is only £10 a year (a lot cheaper than the alternatives).
I use a self-hosted version of Bitwarden: github.com/dani-garcia/bitwarden_rs.
It's open source, written in Rust (one of my favourite languages), really fast and it has all the features you would get with the paid version.
(it is also compatible with upstream Bitwarden clients)
Yes, Bitwarden is very nice and more cost-effective than Keeper, Dashlane and many others. LastPass is also a good password manager.
Fun thing about Windows and probably macOS: although it requires the OS password to see stored credentials, you can use Dev tools on each page, either via the console with something like
document.getElementById('password').value
or change the type to text on the element on the page you want to log in to. So I don't really see the point of that main pass
I couldn't know this. Thanks for your information.
Nice article to get started with saving passwords in the browser. Google Chrome does not only store them in Chrome but in your account too. You can access those passwords by searching on Google irrespective of platform.
I think having a good password is necessary as you can't remember the password of hundreds of websites and can't take the risk to use the same password.
Yes, you are right, Suraj.
I personally like to use LastPass to save my passwords which can be easily accessed through extensions and mobile app. Also as you just mentioned, I don't prefer using my browser to store my important passwords simply because I don't trust my browser. But when it comes to passwords of websites which I don't really much care about but I visit often then it's ok for me to store it in the browser for faster access because in such a case I don't really care if my password got stolen.
Yes Rishabh, you are very correct. It totally depends on how important the website is for us.
Great article. I hope this garners a lot of readership. Simple security measures we all take for granted. Thanks for sharing.
Thanks a lot man. Your comment excites me to write some more amazing articles.