Should You Trust Web Browsers to Remember Your Passwords?
Anyone who browses the web every single day must be so used to usernames and passwords that they do not even think much about it anymore. What's more, entering your password when you try to access a certain page has virtually become an outdated relic because browsers now auto-fill those boxes for you automatically. On the one hand, it's great because you no longer need to remember passwords, but do you ever think about the security implications that come with using a browser's password manager? We would like to discuss it with you here.
Table of Contents
Do You Want to Save Your Password?
This is the question that most of the browsers will ask you by default the first time you enter your login credentials on some website. If you choose to save your password, the browser will auto-fill it the next time you access the website, and you will just have to click "Log In." Or even better: you might open a page already in the logged in state, with one step of the login process conveniently discarded. In a sense, it looks like the life has become a lot more convenient. You no longer need to remember passwords, and you can access everything a lot faster.
However, how much do you know about the built-in password manager that your browser uses? Are you sure that your data is safe? Everything can be cracked and opened in this world, and so the same can be applied to browsers, too.
Just two years ago, Opera experienced an attack on its sync system. Although the official claim maintained that the attack was blocked quickly, the browser's security team believed that some of the users' information might have been compromised. As a precaution, Opera offered users to reset their passwords immediately. The Opera sync system that was attacked was bused by less than 0.5% of the Opera user base, so on the surface, this breach did not look that bad. However, it unearthed a problem that is common to all browsers, and that is the security of their cloud storage.
What Happens When You Sync Your Passwords?
According to StatCounter, the most widely used browser in the world currently is Chrome, with 59.69% of the worldwide market share. Therefore, we shall use Chrome as an example to tell you more about synced passwords.
Perhaps it is not that hard to understand that you can save your password on your browser for future use. But what if you use the same browser across different devices? If you sign in to your Google account, for example, you can sync your passwords across desktop and mobile devices. Instead of saving the passwords all over again, the browser imports your passwords into your new device the moment you sign in to your account.
Google Chrome Help center says that your passwords can be saved in a different manner, and the way they are saved depends on whether you want to use them across different devices. If you sync your passwords when you are signed in to Chrome, all your passwords are saved to your Google Account. As a result, you do not need to remember a password anymore, even if you access some page from a different device. Likewise, you do not see the "Do you want to save your password?" box anymore, too.
So this looks like a pretty good deal that makes accessing your accounts a lot more convenient, but at the same time, it raises quite a few security concerns because the cloud storage used for this information might get compromised.
At the end of the day, security might not be the primal focus of any browser. Think about it, you probably think it's great that you do not need to remember passwords right now, and this is exactly the main goal of any developer: To make your life more convenient. Safety comes next. We're not trying to say that password managers provided by browsers are underdeveloped. For instance, Chrome is putting a lot of effort into ensuring the security of the stored data. And, for the most part, using a browser password manager is definitely better than reusing the same password across different sites.
However, the main problem with browser password managers is that they do not work towards developing new password habits, so to speak. They do not require users to have strong passwords, and they do not ask users to change them regularly. This would definitely increase the overall account security, and that's what third-party password managers do.
What Makes Stand-Alone Password Managers Different?
It is definitely redundant to say it, but it is clear that a password manager application remembers passwords for you. For instance, Cyclonis Password Manager, stores your passwords in your vault, which is encrypted with the AES-256 algorithm. So before your data gets sent to the cloud, it gets encrypted, and it doesn't reach the cloud storage in plain-text.
Also, if you use Cyclonis, you can be sure that you will have unique and strong passwords because not only will the application remember the passwords, it will generate them for you as well. Or, if you want to check whether a certain password that you use right now is strong enough, you can also use the application's Password Analyzer that calculates and rates the password strength. It even explains the total strength score, so that you could use the requirements later on if you want to come up with a new password yourself.
All in all, it is entirely up to you whether you choose to continue using your browser's password manager or a third-party application. However, using strong passwords is extremely important if you want to protect your personal information from potential data theft, and a password manager might be a good educational device. After all, security relies a lot on your habits and preferences. If you manage to change some of your online habits while using Cyclonis, it will surely be highly beneficial for you in the future.