Store passwords in your browser? I don’t think so

IE and Firefox both permit you to store web site credentials for automatic re-use. Such a feature makes it more convenient for users to sign on to frequently-used web sites without having to type in a password every time.

I recommend you NOT do this.

In my opinion, use of a browser for storing and managing web site credentials is risky business. A browser is a virtual terminal that is used to access web applications, some of which contain malicious code. Such malicious code has little distance to travel between a browser and its stash of stored passwords.

In fact, such exploits have already been written. They are called “Reverse Cross Site Request” attacks, in which a fake login site fools the browser’s password manager into automatically providing login credentials.

And here is an article that explains these vulnerabilities further:

Instead of using browser-based password managers, I suggest you use a separate encrypted password vault such as Password Safe.


5 thoughts on “Store passwords in your browser? I don’t think so”

  1. Dragos

    I have a question about this.
    I recently changed my Yahoo mail pass and I forgot it because of the browser password manager. I have had this email for a very long time and I don’t remember the answer to my secret question either.
    So is there any way I can look in my browser’s pass manager for the pass of my email?

  2. peterhgregory Post author

    Hi Dragos,

    Firefox will permit you to view stored passwords. Go to Preferences > Security > Passwords. On my Mac version of Firefox it will allow me to view stored passwords. (I do not use this feature, but the Firefox UI suggests this possibility.)

    Hope this helps!


  3. Pingback: Give the gift of safe Internet use this Christmas | Peter H. Gregory
