Almost every website we visit requires an account with a new password. Remembering passwords in an onerous task, and therefore, our web browsers conveniently offer to store them for us. However, what you might not realize is non-securely these passwords are kept in the browsers. As a matter of fact, these passwords are easily hackable no matter how strong the actual password is. (And we can prove it). Therefore, we urge you NOT to store your passwords in your browsers any more. Instead, find a great password manager which will not only store your passwords securely, but also help you create new secure passwords more easily. Many of these password managers have many other features and can sync in the cloud so that you can easily access them on your computer, laptop, or phone.

Why Internet Browsers are Bad at Storing Your Passwords:

When online, your chosen browser (Chrome, Firefox, Safari, etc) will often prompt you to save your passwords to sites as you create them. Though this seems like a safe and convenient option, there are several risks involved with storing all your passwords on your browser.

Most hackers target your internet presence as a way to get into your system at large. They put up fake webpages that look like your bank’s login screen, they mirror an application download page, or create a fake pop-up alerting your javascript player needs to be updated, etc. They will go to great lengths to manipulate people to click on malicious links. Even people who are internet savvy and can spot a spam email can be fooled by a good recreation of a website under the right conditions.

And since your browser is often the first place a hacker targets, as soon as they get into your browser, they also have every single one of your passwords, usually including social medias, emails, banking, and personal information. One breach, and a hacker gets all your information relatively easily. Here are some more details on how browsers enable hackers to steal your information:

Browser Hijacking – Browser hijacking is where an attacker tricks your browser into doing something malicious. For example, an attacker might trick you into viewing a pop up window or entering login details without you noticing, making the attack successful. Since browser security is weak, someone can perform browser hijacking with just a few lines of code in order to execute the payload on a user’s computer. This makes it really easy for anyone to hack into your account in seconds if you aren’t very careful.

Pop Up Windows – Since browser security is weak, attackers are constantly tricking users into opening things. Most websites that you visit will load small images that look almost exactly like ad banners inside of your browser. By placing the image in your address bar, the attacker can trick a user into thinking they clicked the banner before executing whatever exploit they placed inside the script. Once the hacker places their payload on a victim’s computer, everything else happens much faster. So by clicking those pictures they won’t need to type anything at all.

Login Forms – Browser forms are often filled out incorrectly on purpose as to trick visitors away from real-time phishing scams that use spoofed login information. Because everyone uses the exact same software when entering their email and passwords, fake login portals can be pretty convincing. They ask you to input your name and other personal information while showing a website that looks exactly like the company logo for the site you’re attempting to log onto. It usually gets even better after some sort of automated validation. After the victim enters his or her information into the form, it asks for further details such as credit card numbers and phone numbers.

Even Your Favorite Sites Can Betray You

It’s even easier for a hacker to get your personal information if you don’t use different passwords or change them frequently – because websites often get breached, logins and passwords are put on the dark web for purchase. Another suspicious person can buy this information and use it against you, looking into your social medias and other accounts to see which the sites the login will work with. Now they have access to all your data, the same as if they hacked your browser or email.

So sometimes it is not even in your control, having your data exposed. In this day and age, almost every big corporation has had some type of data breach – although recent laws require them to disclose their breaches to the public. Thankfully, there are plenty of ways to protect yourself, without using your browser to store your passwords, and we’ll go through some techniques to avoid this.

Conduct A Dark Web Scan

If you wanted to know if your passwords or usernames have been exposed in a breach, you can conduct a dark web scan. The dark web is a place where data and other illegal goods are sold online, including whole lists of usernames and passwords from sites that have data breaches. In today’s world, the internet goes far beyond being just an online shopping tool. In fact, the dark web is now being referred to as “the third-largest source of Internet traffic after the World Wide Web and e-mail”. It’s possible to browse the dark web through several websites like The Onion Router or Tor sites with an extension called Browser. They were originally developed to hide the identity and location of people online. Now however, it’s widely accepted as a secure browser due to its anonymity and privacy. However if you visit a site without the proper protections and security, you risk exposing yourself to malware, scams, and viruses. These threats come from other malicious users who have visited the original site with your browser or a phishing website disguised lookalike website.

Dark Web Scans can be conducted by IT professionals, and it is easy and painless to check. If your company has an IT team, ask them to help. Or, KPInterface can conduct free dark web scans for business, just contact us online.

Download A Password Manager ASAP

The real tool and replacement for storing passwords on your browser is a password manager. Password Managers are usually their own applications, often with browser plugins to help it record information needed. They require a Master Password and Multi-Factor Authentication to log in, which is what makes it more secure than a browser by far. That means a hacker would need to have access to both your Master Password as well as access to your mobile device before they can get access.

Password Managers have several other useful tools, like a password evaluator that lets you know if you’ve reused passwords or if the password is too weak. It can also generate and store passwords for you, so every website that you visit has a different, secure password. Password Managers can also manage personal identity and banking details as well, which can autofill just as easily as your browser when checking out purchases online. Password managers can even help you stay completely safe online. Once you fill up the vault of your choice, you simply sign in from an app that works much like Google sign in. And thanks to the built-in two factor authentication technology, your login details are automatically secured without ever leaving you. And of course, if your app has the capability, you can sync your vault across multiple devices and computers. You shouldn’t put anything online without being 100% confident it’s secure, however, which means putting a strong password management system in place isn’t optional anymore.

If you are looking for a recommendation, we are currently recommending to our clients LastPass. Everyone on our team uses it, and it is the only password manager we allow our clients to use as well. If you are just one user, they have free accounts for password storage. For businesses, LastPass has corporate accounts, or KPInterface can help download and manage password managers as part of our cybersecurity package, Cyber Care. If you need more information on password managers, feel free to contact us directly, or comment below!

Keep Yourself Safer

A password manager is essential when it comes to your online accounts, however it also keeps you safer in the real world. As a people who live online 24 hours a day, every day you can choose from tons of apps that can help you manage passwords, secure online accounts, and much more. You don’t want to end up on the dark web and lose all your private contacts after using an insecure browser storage. Luckily, modern password managers today provide multi factor authentication, which increases your online safety greatly. You can also set up rules for alerts that warn you if you enter too similar or similar combinations for your logins. These features give you peace of mind while also ensuring you never forget an important login. You should always trust your password manager as it keeps you safe, happy, and productive. It can also reduce the risk of identity fraud.

Don’t wait any longer to start working on your cybersecurity. Order a password manager now so you have a trustworthy system in place to save every aspect of your life online while keeping yourself free from the dangers posed by people online.