Which Is Best: Saving Your Passwords in Your Browser or Storing Them in a Dedicated App?

Password Storage: Browsers vs Password Managers

'Why bother with a dedicated password manager that stores my passwords when I can use my browser's built-in function that does the same thing?' This is, indeed, a reasonable question. After all, over the last few years, browsers' password saving tools evolved quite a bit, and most of them now let you synchronize your login credentials across all your devices. In addition to this, some of the browsers can also save other sensitive information like credit card details, and they can auto-fill online forms. So, why are dedicated password managers still here? And why do security experts prefer them to the regular browser? Let's take a look at two of the major reasons.

The mechanisms for storing and accessing passwords.

We'll start with something obvious. Stats vary and are not exactly conclusive, but most of the sources agree that about 70% of computer users use either Google Chrome or Mozilla Firefox to browse the Internet. With these two browsers, it's trivially easy for anyone with physical access to the PC to see the saved passwords in plain text.

If you're a Chrome user, you just need to go to chrome://settings/passwords and click the show button. With Firefox, the task involves a couple of more clicks. Open the Settings page, go to the Privacy & Security tab, click the Saved Logins button, click Show Passwords, and you're there.

Of course, there are some protection mechanisms in place. Firefox, for example, can protect your login data with a master password that you choose, but the option is disabled by default. If your Windows account is password protected, Chrome won't display the saved passwords in plain text until you authenticate yourself, but once again, it's difficult to say how many people lock their home computers with a password.

By contrast, a dedicated password manager won't let anyone access the data without the master password, and it can be configured to ask for authentication every time you try to log into a website. In addition to this, the good password managers also come with auto-logout functions which means that if you forget to sign out of your password manager account and leave your computer unattended, the application will log you out automatically, thus minimizing the chances of any real damage.

Now, at this point, some people might say that this is not a valid argument because physical access is required. A few years ago, experts from Microsoft published the "10 Immutable Laws of Security," one of which says that "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore." Even so, it's good to know that an app is dedicated to keeping your sensitive information safe in case someone does manage to get to your machine.

What about remote access, then?

Browsers and password managers have one thing in common when it comes to handling passwords – they don't store them in plain text. The difference is, browsers store the keys to decrypt the data on the user's PC whereas a good password manager encrypts the information with the user's master password which isn't stored anywhere. As a result, people who know what they're doing can export the passwords saved in Chrome and Firefox in a matter of seconds. Those who don't can use one of a slurry of automated tools that are available for free. With dedicated password managers, attacks successfully exfiltrating all the passwords at once are yet to be seen.

So, password managers do a lot more to protect your passwords than browsers. Mind you, this is hardly surprising. The browser has so much more to do in addition to storing login information, and a password manager is designed from the ground up to do just that. There is one more thing, though.

Password managers have a real impact on the way people think about their passwords.

They come with additional features which will prevent you from making mistakes that, unfortunately, are all too common – namely, using and reusing weak passwords. Simple, easy-to-guess passwords have caused quite a few security incidents over the years, and yet a lot of people still don't realize that protecting your accounts with the name of your dog really isn't a good idea. Some do take the time to come up with a sufficiently complex password, but they then go on to reuse it on all websites. This means that a data breach at one of the online services they're using will expose all their accounts, and unfortunately, data breaches, like password reuse, are very common.

To minimize the chance of getting your accounts compromised, you need to set unique, complex passwords for every single website you're using. This is not impossible if you're using a browser to store your passwords, but it's a headache. Password managers and their built-in password generators make the whole ordeal a whole lot easier. In fact, creating a complex password could be as easy as clicking a few buttons. In addition to this, password managers are designed to inspect your passwords and point out which ones you should change based on their age, complexity, and whether or not they might be found in a data breach.

All in all, managing passwords with the help of your favorite browser is easy, and people know this. What some of them don't know is that managing them with a dedicated app could be even easier.

Here at Cyclonis, we want more people to realize that password management needn't be difficult which is why we've created the Cyclonis Password Manager. It will give you all the convenience of keeping your passwords in your browser, but thanks to a strong AES-256 encryption algorithm, Two-factor authentication, and a host of other features, it will provide you with greater peace of mind. Your login credentials, as well as other sensitive information, can be synced across all your devices via a cloud storage provider of your choice, and you'll also see which of your passwords need to be changed. The best thing about it is, storing your data in Cyclonis Password Manager won't cost you more than storing it in your browser. It's completely free.

March 30, 2018

One Comment

  • nagu malluri:

    My account is hacked and someone else used my without permission