Store passwords in your browser? I don’t think so

IE and Firefox both permit you to store web site credentials for automatic re-use. Such a feature makes it more convenient for users to sign on to frequently-used web sites without having to type in a password every time.

I recommend you NOT do this.

In my opinion, use of a browser for storing and managing web site credentials is risky business. A browser is a virtual terminal that is used to access web applications, some of which contain malicious code. Such malicious code has little distance to travel between a browser and its stash of stored passwords.

In fact, such exploits have already been written. In what are called “Reverse Cross Site Request” attacks, a fake login site fools the browser’s password manager into automatically providing login credentials.

And here is an article that explains these vulnerabilities further:

http://www.technewsworld.com/story/54413.html

Instead of using browser-based password managers, I suggest you use a separate encrypted password vault such as Password Safe.


4 thoughts on “Store passwords in your browser? I don’t think so”

  1. Dragos

    I have a question about this.
    I recently changed my Yahoo mail pass and I forgot it because of browser password manager. I have this email for a very long time and I don’t remember the answer to my secret question too.
    So is there any way I can look in my browser's pass manager for the pass of my email?

  2. peterhgregory Post author

    Hi Dragos,

    Firefox will permit you to view stored passwords. Go to Preferences > Security > Passwords. On my Mac version of Firefox it will allow me to view stored passwords. (I do not use this feature, but the Firefox UI suggests this possibility).

    Hope this helps!

    Peter
