Allowing a web browser like Chrome to save passwords is an easy and convenient way to keep track of them. And it seems like a safe way to store them too – on the surface. Here are a few good reasons why that’s a bad idea.
Digital security is always on this precarious precipice of safety and convenience. On the one side, people want to feel like they’re doing everything they can to protect themselves. On the other, they tend to opt for the easiest and simplest route that’s available.
It can be hard to navigate this slippery slide without falling into the trap of becoming complacent. Going for whatever is available seems good enough.
Chrome users tend to fall into this trap quite often. They believe in trusting a big company like Google with their data. It is a tech industry titan, after all. Using whatever they have on offer should be safe, right? Well, not quite.
First off, it’s way too easy to view passwords on a browser like Chrome. For lack of a better analogy, it’s basically giving instant access to them away like free candy.
Anyone who has access to the computer can access the browser with no barriers. From there, they can navigate to the password settings page and view every password in plain text without prompting for any form of authentication.
Some browsers, such as Safari (mandatory) and Firefox (not by default) allow you to set master passwords. But even then, a hacker in charge of any malware on the device could see those passwords if the user ever views them. Windows 10 and MacOS try to make it a little more secure by asking for a password before viewing passwords in Chrome. But Windows 7, 8, or XP users (yes, they still exist), as well as Linux users, aren’t so lucky.
Now those are happenstance scenarios to be sure. But they aren’t the only ways hackers can get those passwords by a long shot. There are ways for hackers to get around the Windows/MacOS password requests. They can use the Inspect Element selection on any browser to edit the code of a page – including the one listing all stored passwords. By replacing the word “password” in type=”password” with the word “text”, all passwords will appear in plain text.
These are only a few possible scenarios too. Even more exploits exist. Some of them are not even public knowledge yet. In the end, if a hacker ever gets access to a device with Chrome installed, they can use it to view all stored passwords.
Don’t get fooled into thinking of Chrome as a password manager. Because it isn’t. Instead, download a full-on PC, macOS, Android, or iOS (for example, this one) password manager. There are a bunch of excellent password managers out there that support one or all these devices.
Here’s what makes an actual password manager different:
Password managers encrypt passwords and store them in a secure vault. You can’t access these passwords unless you have the master password of the corresponding account or database. And even then, most password managers have two-factor authentication. So the hacker would need to have access to a secondary account or device as well.
There’s no way to reveal passwords through a password manager unless the person opens up the app or extension and requests them. But again, they would need to get past the master password and two-factor authentication barriers to do this. So no one would be able to open up the password manager and check out the passwords in the settings menu. Like they could with a browser.
Password managers can be as convenient as saving passwords on browsers, too. So there’s no excuse not to use them. They can protect information (not only passwords but security questions and credit card details, for example) and auto-fill these when needed. Plus, they will also prompt to save passwords when logging in, as Chrome does.
It’s pretty easy to export passwords from Chrome and import them into a password manager. So get on that right now and download a password manager for iOS, Windows, or any other device you use. But make sure to delete (better yet – overwrite) the export file afterward, because it lists those passwords in plain text.
Saving passwords on a browser is better than not saving passwords at all. But doing so, on Chrome (or any other browser), is a risky choice. Use a respectable password manager instead and secure those passwords! A password manager isn’t perfect (no tool is), but it’s miles ahead of saving passwords on any browser. This way, at least, the chance of anyone ever seeing those passwords goes way down.