Convenience attracts millions of users to the most popular digital tools and platforms. Ironically, this could also cause massive security issues at the same time.
Just look at how easy it has become to “remember” passwords thanks to a few convenient browser settings. Every browser now has this function – the ability for users to save every password of their choice, so it’s automatically filled in.
No one can argue the value of this. Not in a day and age where most people log into dozens of applications and websites every day. Which, if someone follows strong password rules, require remembering unique and complicated passwords for every account.
Passwords were created to keep things secure. And at this point, they’re still the only form of security people have to rely on. New security defenses like fingerprint ID and face ID are slowly starting to offer an alternative thanks to mobile devices. But those options are far from universal, and so the good old password is still king.
But users’ habits have allowed passwords to become dangerously unsafe, all thanks to convenience.
Read on to find out how users are putting themselves at risk by using their browsers’ autocomplete function.
The Ugly Truth Behind Saving Passwords on Web Browsers
It’s not entirely people’s fault that they’re putting their digital accounts and devices at risk. The technology industry is partly to blame thanks to them always striving for convenience. But convenient does not equate safe, and somehow even IT experts seem to forget this sometimes.
Another factor is the sheer amount of websites and accounts that require a password to log in. These safety measures are in place for a reason, but it does mean that people have a lot of passwords to remember. Which isn’t really feasible for anyone. So they turn to the autocomplete feature in their web browser because it’s convenient and seems safe enough.
What many people don’t know, however, is that this feature isn’t actually safe at all. In fact, it’s very easy to find a saved password on a browser, and anyone could do it.
How to See Saved Passwords on Browsers
This method might not work with every browser out there, but it does work with the most popular ones like Chrome, Firefox, and Safari. It involves the inspect element window that every browser has so developers can access the bones of the pages they’re working on.
Here’s how it works:
Anyone with access to the device (even remotely) simply has to right-click the password field on a website. Then, they can choose ‘Inspect Element’ to open a side-bar with all the information they need already highlighted. They just have to replace the type=”password” field with the word “text” and press enter. The browser will unhash the password that’s been saved for that account and it will appear in plain text.
It really is as simple as that. Part of the problem here is the fact that these browsers unhash passwords. This should never happen as passwords shouldn’t be stored in plain text. But that’s the way these browser password storage functions work, unfortunately.
Here’s how popular browsers handle saving passwords and how easy it is to find them.
Chrome is easily one of the least secure browsers when it comes to saving passwords. It stores all the passwords in plain text in the settings menu. Anyone with access to that Chrome account will be able to go to the settings and see these saved passwords.
Windows 10 and MacOS makes this a little harder by requiring a user password before the passwords can be revealed. But it’s easy for hackers to get around this issue thanks to tools like iSumsoft Windows Password Refixer.
Firefox employs much of the same technique for finding passwords as Chrome does. Making it just as easy for anyone to find stored passwords. The only difference is that Firefox allows a master password to be set, which can deter any peepers. The downside is that a user has to manually activate and set up a master password in the settings menu.
Again, Safari works just like the other two. Any saved passwords can be viewed in the settings menu. Like Firefox, it also has a master password feature, but in this case, it’s not optional. Which means, between the three, Safari is the safest option when it comes to storing passwords – but only by a small margin.
Take These 4 Precautions With Passwords
Passwords are only as safe as the steps a user takes to keep them safe. Here are some basic cybersecurity rules that everyone should be implementing.
1. Do Not Save Passwords
After the whole discussion above, this point seems obvious but it still warrants saying again: do not save passwords on browsers. It’s unsafe and way too easy for outsiders to get access to.
2. Use a Password Manager
Yes, it is hard to remember the passwords to every account out there. That’s why password managers exist. They make this process convenient, but they also focus on strong security encryptions.
It’s easy to set up an account on a password manager, which will then store and automatically fill in passwords. It’s just as user-friendly as saving passwords on a browser is, except it’s much safer.
3. Enable Two-Factor Authentication
Whenever someone has the option to enable 2FA, they should. This option sends a one-time pin to an additional account or device whenever someone tries to log into an account. The owner can then type in the pin to authorize the login. However, an outsider who doesn’t have access to the other account or device cannot log in.
4. Install a VPN
VPN software is hugely popular with small businesses, but it’s also starting to become an essential tool for everyday users. People install VPNs on their home routers or individual devices to keep any snoopers out.
A VPN will encrypt all of the incoming and outgoing data that is sent over a computer or device. This makes it nearly impossible for anyone on the outside to access the connection or the data.
Do not let convenience take over and replace proper security defenses. There are ways to remember passwords without having to resort to saving them on browsers.
Anyone who decides to keep on saving passwords on their browser should at least set up a master password if they can and consider getting a VPN as an additional layer of protection.