Priority #7 - Using the browser to remember your passwords

All of the main browsers can be configured to automatically save login credentials for websites as you log into them. This is a really helpful capability if you want to use more passwords that you can remember i.e. seven-ish. This is a good thing because the more unique passwords that we use, the safer we are. It is also convenient, because the browser will populate the password field automatically when we return to a password-protected website. But as always, convenience is a trade-off against security. In choosing whether or not to go with the convenience of having your passwords saved by your browser, there are a few things to be aware of.

Browser and Password Security

To stop casual access to all of your passwords, browsers implement only a modicum of security. And they all do it a little differently.

Firefox allows users to switch on a master password, which will be prompted for each time a password is required. This means that no one can have a quick look at your passwords while you are away from your desk and waiting for the kettle to boil. Firefox is the only browser to implement a master password and so is the most secure of the ‘Big Four’ – Internet Explorer, Safari, Google Chrome and Firefox.

Google Chrome & Safari request that we enter our operating system user account password before giving access to passwords. Internet Explorer stores passwords using the Windows Credential Manager. In all three cases, if your Windows or Mac user accounts are not password protected, then anyone with access to your keyboard can view (and download, in the case of Credential Manager) any and all of your passwords in a matter of moments. For Windows machines, there is also dedicated and free software to help you, or anyone else, ‘recover’ saved passwords from all four of the major browsers (WebBrowserPassView). There’s also a good number of tutorials floating around helping you to do this under your own steam, if you are so inclined.

In short, if you elect for the convenience of having your browser remember your passwords, then you should be clear on who will have access to your device. If you regularly leave your device unattended in shared or public spaces, then you should know that there is a risk that your passwords could be accessed.

To configure and manage the password save feature in your browser, use the following links: 

If you are using a different version that the one described in these links, you may have to do some additional searching to locate the relevant content.

Next up - Priority #8 - Lock-down your email systems