Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Can you trust your browser with your passwords?

Eric Geier | Aug. 24, 2012
Having your Web browser remember your passwords and/or credit card details can be convenient, but it poses some security risks. How much of a risk depends on which browser you’re using, whether you sync with other devices, and whether you’re using any of the browser's extra security features. Here are the main vulnerabilities in some of the most popular browsers—Internet Explorer, Google Chrome, and Mozilla Firefox—and ways you can protect against those weak spots.

Having your Web browser remember your passwords and/or credit card details can be convenient, but it poses some security risks. How much of a risk depends on which browser youre using, whether you sync with other devices, and whether youre using any of the browser's extra security features. Here are the main vulnerabilities in some of the most popular browsersInternet Explorer, Google Chrome, and Mozilla Firefoxand ways you can protect against those weak spots.

Common Security Risks

The biggest problem with having your browser save your passwords involves prying eyes. Not only can other users who have access to your computer log in to your accounts and see your actual passwords or credit card details, but so can a thief if your computer, smartphone, or tablet gets lost or stolen. And the same risk applies if you havent properly erased your data from your PC when you get rid of it; whoever ends up with it next might be able to recover your information. Also, some viruses and malware can steal your saved passwords or credit card details.

As youve may have noticed, banking sitesand many others that deal with highly sensitive informationdont let your browser save your password. However, if you use the same or a similar password on sensitive sites that you do on less-secure sites, someone else may be able to easily guess your banking password, for example.

Some browsers let you (or, potentially, thieves) view a list of your saved login credentials, including the site, username, and password. And for those that dont, utilities like WebBrowserPassView can easily let you compile a list of them. This is handy if you forget a password or you want to evaluate all your passwords, but it's problematic if an intruder uses such software on your computer. Another way you (or thieves) can recover saved passwords is by using a utility like BulletsPassView to reveal the password behind a masked password field on a webpage or window.

In the next sections, well take a look at three popular browsersInternet Explorer 9, Chrome, and Firefox to evaluate their credential-saving features, and discuss some tips for better securing them.

Internet Explorer 9

Internet Explorer 9 offers the most basic password-saving functionality of the three browsers were covering. Its AutoComplete feature can also remember your name, address, and other data you type into Web forms or search fields. It doesnt provide a way for you to view saved passwords from within the browser settings: It only allows you to change the main settings and delete all AutoComplete history.

Not being able to view a list of the passwords can help prevent casual snooping. And even though you can still log in to sites the browser saved the password for, you cant by default view the password itself. As mentioned before, however, a determined hacker can use a utility to see a list of all your saved passwords or to reveal the actual characters behind the password field on a login page.

 

1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.