Never Allow Your Web Browser To Save Your Passwords | Here’s Why
Who wants to type a password every time when visiting a website? So, for our convenience, we saved the password to the browser and get rid of entering it every time it’s requested. But this is not a good idea because it is so easy to view saved passwords in modern web browsers. Here we are going to share with you why you should never allow your web browser to save your passwords. Let’s begin
Chrome will allow users to view saved logins, even without requiring a user password (unlike on Windows and macOS, where a user password is required). Firefox, on the other hand, gives instant access to those passwords, without authentication, regardless of platform (unless a master password is set). Like Chrome, Safari at least hides passwords behind a user’s password. The difference between Firefox and Safari is the password isn’t optional in Apple’s browser.
Here’s how easy to view saved password
if you’re using either the Windows 10 or macOS platforms you will be prompted for a user password in order to access saved passwords in Chrome. Linux, on the other hand, gives the user instant access, without prompting for authentication. However, there are plenty of tools available (such as iSumsoft Windows Password Refixer), which make it possible for a user to reset a Windows password and get around this hurdle. Firefox will give you access to those passwords without authentication, regardless of platform.
However, even on the Windows and macOS operating systems, there are ways around the password prompt. For example, using the Inspect Element window of a browser, you can edit the code of a page in such a way that it will un-hash a user password. To do this:
- Right-click the password field on a website.
- Select Inspect Element.
- Double-click on type=”password” and replace password with text.
- Hit Enter and close the Element Inspector.
- The password will be un-hashed, revealed for all.
The above steps work, regardless of browser or platform.
Let me demonstrate another way to view saved passwords on the three browsers mentioned. Remember, this only works on passwords that are stored by the browser. First, we’ll look at Chrome. To view saved passwords in Chrome, do the following:
- Open Chrome.
- Click the Menu button and select Settings.
- Scroll to Autofill and click Passwords.
- Locate the password you want to view and click the “eye” icon (Figure A).
- On the Linux operating system, you will not be prompted for a user password. On macOS and Windows, you will be required to authenticate the user before passwords will be listed.
- Enjoy that password.
To do the same trick in Firefox, do the following:
- Open Firefox.
- Open the Menu and select Preferences.
- Click Privacy & Security (from the left pane).
- Scroll to Logins & Passwords.
- Click Saved Logins.
- Click Show Passwords (Figure B).
- Enjoy your passwords.
When a web browser like Chrome, Firefox or Safari is allowed to store passwords, you’re putting your network security at risk.
The only caveat to the steps in Firefox is if a Master Password is in use. Should that be the case, you’ll be prompted for that password after clicking Show Passwords. Without the Master Password, you cannot view stored credentials.
Now, let’s examine Safari. Here are the steps for viewing passwords in Apple’s browser.
- Open Safari.
- Click the Safari menu in the top bar and select Preferences.
- Click the Passwords tab.
- When prompted either type your password, or use the fingerprint sensor (if available).
- Click on the website you want to view (Figure C).
- Enjoy that password.
Clearly, Safari has the edge here, only because it requires the use of a password to view stored credentials. If Firefox stored credentials are locked by a Master Password, then it puts the Mozilla browser on similar ground. As far as Chrome is concerned, your saved passwords are there for all to see, unfettered and unprotected.
What is the solution?
The answer to this question is simple. Don’t allow your browser to save your passwords. None of them. Not one. If you do, those passwords are vulnerable. All someone has to do is have access to your computer (remote or physical) and, unless you use Safari or the Master Password feature in Firefox, those passwords are available for anyone to see.
If you absolutely must have your browser store your passwords, and you’re not using macOS, make sure to use Firefox and enable the Master Password feature. Use Chrome at the peril of your passwords.
In place of having your web browser store your passwords, make use of a password manager. By doing so, the likelihood of someone viewing your passwords is considerably lower. It’s not perfect, but it’s far better than handing over the security of your passwords to a web browser.