2

I keep hearing various security-minded people saying that using your browser's password manager is a bad idea because it's not safe. How true is this?

I know that Safari uses the system keychain to store data and I suppose that Chrome and Firefox have a similar setup. Are there attacks in the wild against a browser's password manager?

crc32
  • 23
  • 3
  • Also related: https://security.stackexchange.com/questions/40884/is-saving-passwords-in-chrome-as-safe-as-using-lastpass-if-you-leave-it-signed-i – Arminius Nov 27 '16 at 01:04

1 Answers1

3

The biggest problem with saving your passwords in your browser is that it's not hard for someone who gains access to your computer to also access all your passwords.

In Chrome, for example, you (or anyone who hacks into your computer) can just go to the browser's settings and click on the show button in the preferences tab to reveal any saved password.

There are some tools that will reveal the passwords stored in the browsers.

http://www.nirsoft.net/utils/web_browser_password.html

WebBrowserPassView can't retrieve passwords that are encrypted with a master password, though. That makes Firefox the most secure of these three browsers when it comes to password management, because you can encrypt and password-protect your logins in Firefox with one master password.

If you don't set the master password in Firefox (which is not enabled by default), though, you are re vulnerable to the same security issues if your computer gets into the wrong hands.

Michal Koczwara
  • 1,580
  • 3
  • 15
  • 27
  • To be fair, somebody who gains enough access to your computer to read your saved passwords could typically install spyware to steal your master password as well so the security difference is rather small. – CodesInChaos Nov 27 '16 at 11:00