EO Advisor

We Trust Our Browsers

Criminals Know This
Trusting your browser to save passwords?

Our browser is literally the window into our digital world. In the USA, Chrome has a 49% share and Safari has 35%.

Microsoft Edge and Mozilla’s Firefox are out there too; they each have about 3% to 4% of browser usage. You can dive deeper into these statistics here.

One thing that we have come to appreciate about our browsers is that they are very helpful at “remembering” all of those pesky passwords.

It’s crazy, right? If you buy tickets to sporting events, concerts and other stuff online, you get handed off to a half-dozen different services that handle ticket transactions and each one of them demands that you create a unique username and password. And, that’s just for tickets.

Identity theft is very real and very scary. This password thing is hard because we’ve all been taught to create complicated passwords that are unique to each environment that we visit online.

Our browser is happy to help with this challenge. Often without giving it a lot of thought, we let our browser save our password for a transactional website like Ticketmaster, for example. That way, a month later when we get pushed to Ticketmaster for our next purchase, we don’t get bogged down because remembering our username and password is seamlessly handled by our browser. It becomes a habit that slowly expands. Over time, our browser is helping us remember our usernames and passwords for our bank accounts, our credit card providers, our healthcare provider, and more.

While preparing this article, this writer checked his own Chrome account and was amazed to find this:  

 

[Screenshot: Chrome browser password screen]

 

OMG! My beloved Chrome browser is (was!) storing passwords for 377 websites. (Rest assured that the author addressed this with a solution described at the end of this article.)

Malicious hackers know all of the above

The bad actors who pursue identity theft to steal your money and sell your personal information recognize that hacking into your browser account is a gateway to a whole bunch of the other stuff that they really want.

Hacking into your Ticketmaster account might be a chance to steal credit card information or those precious tickets to see The Rolling Stones, but it’s hardly worth the effort. Hacking into your bank account could be more lucrative but banks are on the leading edge of cybersecurity. So, why wouldn’t a malicious hacker try to skip all of that by hacking into your browser’s system for storing passwords?

The hackers call this “Harvesting Browser Credentials” and it is such a focus of their attention that even good hackers post articles about how they are able to crack into browsers.

Password Managers are much safer

A browser’s primary function is speed and convenience. Google and the creators of other browsers want to be sure that your browser is secure but a user-friendly experience is the priority. The browser creators leave it to us, the users, to decide when we need a higher level of encryption to protect our passwords and it’s our responsibility to say “no” when the browser pop-up window offers to store the information for us. That’s fair but the reality is that we slip more and more into a comfort zone using the browser’s capability.

DON’T DO THIS. USE A PASSWORD MANAGER INSTEAD.

Unlike our browsers, password managers are focused on encryption. With a PW manager, our passwords are stored on a server behind heavy firewalls with encryption and encoding processes.

Password managers strongly encourage, and some even demand, the use of Multi-Factor Authentication, something the browsers rarely do.

In some cases, PW managers store passwords on the device being used but these files are heavily encrypted, generally using something similar to AES-128, which is nearly impossible to break. This keeps your passwords from ever traveling on the Internet. In other cases, passwords are stored in the cloud but the PW manager will encrypt the password before it leaves the device and is sent to their servers. With that solution, not even the password manager’s server has the password in clear text.

OK, using a password manager is more cumbersome than just letting your browser handle your passwords. That’s why the browser solution is so popular. The small amount of extra effort is most definitely worth the benefits of security.

There are many password managers available for individual users and small businesses. EO Advisor is not endorsing any specific brand but we’ve done the homework so that you don’t have to. Two password managers that we recommend are LastPass and BitWarden. An independent comparison of these two choices can be found here. If you want to consider a longer list of companies, start here.

Don’t bog down over picking your password manager. Pick one and get started.

Do your friends and family a favor, because everybody needs the advice provided here: please SHARE this article.

If the process of creating a password manager is confusing or difficult, don’t hesitate to contact us.
