Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Can you trust your browser with your passwords?

Eric Geier | Aug. 24, 2012
Having your Web browser remember your passwords and/or credit card details can be convenient, but it poses some security risks. How much of a risk depends on which browser you’re using, whether you sync with other devices, and whether you’re using any of the browser's extra security features. Here are the main vulnerabilities in some of the most popular browsers—Internet Explorer, Google Chrome, and Mozilla Firefox—and ways you can protect against those weak spots.

Chrome offers a syncing feature to keep most of your settings and saved data (including passwords, but not credit card details) synced across multiple computers and devices, but this creates another security vulnerability. By default, Chrome only requires you to enter your Google account password to set up a new computer or device to sync your browsing data. This is a great convenience; but if your Google account password is hacked, the intruder can potentially access a list of all your passwords unless you set a syncing passphrase, as well discuss.

To keep your saved passwords secured during syncing, Chrome encrypts them when they travel from your computers or devices to Google's servers (and vice-versa). You can also set the browser to encrypt all other synced data.

By default, Chrome uses your Google account password to encrypt and decrypt the synced data, but you can enter another passphrase if you want to add an extra layer of protection to your synced data. When you set up Chrome to sync on a new computer or device, you'll need to sign in with your Google account password and then also enter your encryption passphrase.

Firefox 14

Firefox offers advanced password-saving features that are even better than Chrome's. But while Firefox doesnt natively support saving credit card details, at least that's one less security issue you need to worry about. As with Chrome, you can browse, search, and remove saved passwords via the Firefox settings.

Though you cant change the passwords in the settings, Firefox automatically senses password changes you've made elsewhere and asks if you want to update your password when you log on to a site with a password thats different than whats saved on your PC.

Unlike Chrome, Firefox lets you set a master password to encrypt and password-protect the saved password list.

You must enter the master password the first time you use a saved password, once per browser session. Additionally, even though you enter the master password the first time, you must always enter it before you can view saved passwords via the list in the Firefox settings. This is a great feature to help prevent casual snooping of your passwords, and it even prevents most third-party utilities from recovering them.

Firefox can also sync your passwords, settings, and other saved data among multiple computers and devices.

This is similar to what Chrome provides, but by default Firefox encrypts all synced data instead of just your saved passwords. Additionally, theres more security when you add a new computer or device to your Firefox Sync account. You can either enter a passcode from the new device into one that you've already set up, or take the recovery key from a device you've already set up and input it into the new device after logging in to your Firefox Sync account.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.