Most accounts these days require a password of some sort, and as such, the average user has countless of these codes that need to be kept both secure and top-of-mind. Some web browsers have built-in password management tools to help make them more user-friendly, but with so much convenience involved, one has to ask whether or not these built-in management tools are as secure as they should be.
Let’s take a look at how some of the most popular browsers integrate password management, as well as how you can disable them should they be deemed untrustworthy or insecure.
See below for a quick rundown of how the major browsers on the market handle password management.
Chrome’s password manager is tied to the user’s Google account. It offers quite a few features that you might expect to see from a password manager, such as two-factor authentication and random password generation. This password generation encourages users to use different, secure passwords for each of their accounts rather than recycling the same old one--a practice that could put the user at risk of a data breach.
Whenever you access an account through Firefox, the browser will ask you if you want to save the username and password used on the device so that it can be viewed through the browser’s Options menu. These credentials can be saved, though it should be noted that the default setting for this is quite insecure. One way that this is addressed is through a master password that can be used to protect the browser’s contents.
Compared to the other browsers, Microsoft lagged behind in terms of password management. As of January 2021, Microsoft Edge now has this feature. One of the coolest new features associated with this is Password Monitor which can inform the user of data breaches, as well as the ability to create a password whenever a new account is created.
Safari holds a password generator and management tool which gives the user the ability to autofill passwords on websites they visit. But that’s only the start… they can also save contact and credit card information, both of which can be accessed through iCloud Keychain. Unfortunately, this platform is only available on Apple devices, which is not that bad of a loss when you consider the fact that most third-party password management tools offer similar options, as well as two-factor authentication not being available.
If there are no other options available to you, these integrated password managers are passable, but we do recommend that you use a dedicated password management tool. Most integrated password management platforms do not require that the passwords be secure, which is absolutely not the case with dedicated password management programs. While these might sacrifice convenience, improved security is worth every penny.
In addition to your password management tool, we recommend that you supplement password security with the use of two-factor authentication, as well as additional best practices. Here are some key ones to keep in mind:
In the event that you do not wish to use your built-in password management, you can always disable these features. Here’s how to do so for each of the browsers outlined above.
In your Chrome browser, use the three-dot menu and select Settings. Under Autofill, select Passwords and switch off Offer to Save Passwords.
Open Firefox and use the hamburger menu to select Options. Look for Privacy & Security out of the options on the left and locate the Logins and Passwords section. Simply deselect Ask to save logins and passwords for websites.
From Edge, click on the three-dot menu and select Settings. Next, click on Passwords and deselect the option to Offer to save passwords.
In Safari, start by accessing the Menu and selecting Preferences. You can then navigate to the AutoFill category and deselect the following options: Using info from my contacts, User names and passwords, Credit cards, and Other forms.
As is the case with your password security, you shouldn’t rely on built-in security features for your organization’s technology, either. To learn more about how you can effectively safeguard your organization, reach out to us at (503) 278-5011.