Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Can you trust your browser with your passwords?

Eric Geier | Aug. 24, 2012
Having your Web browser remember your passwords and/or credit card details can be convenient, but it poses some security risks. How much of a risk depends on which browser you’re using, whether you sync with other devices, and whether you’re using any of the browser's extra security features. Here are the main vulnerabilities in some of the most popular browsers—Internet Explorer, Google Chrome, and Mozilla Firefox—and ways you can protect against those weak spots.

Unfortunately, Internet Explorer 9 doesnt offer a native synchronization feature to keep your settings and saved data synced across multiple computers or devices, but, from a security standpoint, at least thats one less security risk you have to worry about.

Internet Explorer 10 in Windows 8 will provide new password saving and syncing features, but its not yet clear if they will be available when you use Windows 7. When I tested the Release Previews of Internet Explorer 10 and Windows 8, I found that you can view and manage saved browser passwords using the improved Credential Manager in the Control Panel. And for security, before you can view the actual saved passwords you must reenter your Windows account password, which can help prevent casual snooping by others.

Windows 8 will also offer a new synchronization feature that lets you sync passwords for apps, websites, and networksin addition to Windows settings and preferencesacross your other Windows 8 computers and tablets. For security reasons, before you sync your passwords with a new computer or tablet, you must log in to a Microsoft site and approve the new device. And if youve specified a mobile number on your Microsoft account beforehand, you'll get a confirmation code texted to your mobile phone that you must enter on the Microsoft site before the trust is granted and passwords are synced.

Google Chrome 21

Google Chrome provides a more feature-rich password-saving feature than Internet Explorer does, as well as an autofill feature that can also keep track of your credit card details. But while these can be great time-saving features, they also pose more security risks.

Chrome lets youor a thief for that matterbrowse through the list of saved usernames and passwords (alphabetized by site name) or enter the site name into the search field to filter the list.

For privacy, Chrome masks each saved password with asterisks, but you can click the entry and press the Show button to reveal the actual password. You can also change the password, but unfortunately Chrome doesnt sense password changes, so it won't prompt you when you log in to a site with a new password. You must go to the saved password entry and update it manually.

You can view a list of all saved addresses and credit card details, including the name on card, the account number, and the expiration date. Chrome partially masks your credit card numbers with asterisks, but you can click the entry and then click Edit to reveal the full number. The only card detail not saved is the card's security code, which is oftenbut not alwaysrequired to make purchases.

Unfortunately, Chrome doesnt offer a master password feature like Firefox does in order to protect all your passwords and credit card details. Thus, anyone whos logged on to your Windows account can view all the saved passwords and credit card details.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.