Do Not Use Your Browser As A Password Manager

by on Jul 19, 2009 | 11 comments

Pretty much every current browser out there has the ability to save your user name and password information on different sites and then fill them in when you visit later. While this function is incredibly useful and convenient, it is important to remember it is not a substitution for a password manager.

Since this information is stored in your browser, it lives and dies with your browser data. While this is typically not a problem, there is always the chance this information could be corrupted with an upgrade/patch or even worse, stolen via malicious software or a browser exploit.

By using a password manager, such as KeePass, you are assured protection. Since these programs focus on keeping your password information safe, this is the most reliable way to store your sensitive information.

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

  • http://ducedo.com/ Stefan

    I’m not to fond of using a third part to store all of my passwords. Even though they certainly have tight security we’ve seen more difficult targets being hacked before.

  • http://www.bytehead.org/blog/ Bryan Price

    KeePass I find to be kludgy. Don’t ask me why, I’ve tried it, and I just never cared for it.

    That said, since I run multiple computers, even multiple versions of Firefox (3.0 (now 3.5 release), Shiretoko (3.5 nightly builds) and Minefield (3.6alpha nightly builds), I use Xmarks to sync not only the passwords but the bookmarks as well. And if I get really paranoid, I can use my own server instead of their server. And it can even work with IE (not that I’ve actually tried that myself).

  • http://sinaisix.blogspot.com sinaisix

    hi. Nice tip. I really like your posts which i hardly miss. This post really was very helpful. BTW, i have link of your site on my blog. Just my small way of saying thanks.

  • Stu

    I am also in the process of getting them all into KeePass! ;-) But it’s taking a while …

    Currently I have 409 passwords stored in FF. Many are also recorded in an openoffice text file, the rest are basically throwaways for those one time log-ins and are mostly memorized or rebuildable since I have a formula for making them in the first place. However, using the add-on Password Exporter, https://addons.mozilla.org/en-US/firefox/addon/2848 , I’ve also saved them all in a .csv that loads nicely into a OOo spreadsheet. And everything is frequently and reduntantly backed up.

  • http://howto-ubuntu.com eli

    I use Opera as my primary browser at work and home. And yes, I know it’s not the safest thing in the world, but darn it all I think that magic wand is far and away THE BEST password solution available for convenience and speed. One thing I do is include my wand password data file, and bookmarks, as part of my regular backups. This doesn’t solve the security issue, but its kept me from losing my passwords over several reinstalls of my OS.

  • http://www.scopulus.co.uk scopy

    Using your browser as your password manager is not advisable. (Thanks Jason) I have never done used the facility. Basically i don’t know how it works and if the data is encrypted and at what level.

    Its a shame that the browsers themselves do not make it clearer how secure the data will be.

  • http://twitter.com/philmonger Phil M

    Hmm!

    You can curtail the security arguments by using full disk encryption – that way if the laptop / HDD is stolen your passwords are trash.

    AFAIK all browsers essentially wall off the password storage area from the web renderer, ensuring that a browser exploit cannot access your saved passwords, in much the same way that a program running under a sandbox can’t actually touch the base OS. I know IE8, FF3 and Opera implement such a solution.

    Inbuilt browser password managers are great (I find) as they are seamless. Have you used Opera’s wand? Once you’ve used that you’d be hard pressed to use any other third party solution

    • http://digitivity.org Digitivity

      What are you using for full disk encryption? (and what OS)?

  • http://www.scopulus.co.uk scopy

    Security to some is extremely important especially were money and sensitive information is concerned. Using a third party solution that encrypts and can be on usb stick just seems like common sense.

    full disk encryption as Phil M mentioned seems like a good idea.

  • https://addons.mozilla.org/en-US/firefox/addon/12715 dav

    I use Billeo to manage my passwords which is VeriSign secured and TRUSTe certified. https://addons.mozilla.org/en-US/firefox/addon/12715 It’s a great password manager and a real time saver. It securely saves my passwords and I can easily edit or delete them anytime.

  • http://digitivity.org Digitivity

    I keep most of my passwords in a text file.

    You can then encrypt that file with various tools (but keep it unencrypted when you’re logged on).

    I do, however, let the browser cache the passwords. If it loses the passwords, I can just re-enter them from my passwords file.

    One thing I don’t do is try to memorize passwords.

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: