Jim Rossman: Browser password managers are convenient, but risky

By clicking submit, I authorize Arcamax and its affiliates to: (1) use, sell, and share my information for marketing purposes, including cross-context behavioral advertising, as described in our Privacy Policy , (2) add to information that I provide with other information like interests inferred from web page views, or data lawfully obtained from data brokers, such as past purchase or location data, or publicly available data, (3) contact me or enable others to contact me by email or other means with offers for different types of goods and services, and (4) retain my information while I am engaging with marketing messages that I receive and for a reasonable amount of time thereafter. I understand I can opt out at any time through an email that I receive, or by clicking here

I’ve been having some conversations with people online and in person about using and storing passwords.

I’m like most of you, in that I don’t have one solution.

I utilize several options that include a password manager, having a browser to remember some passwords and writing them down in a secured file saved in the cloud.

I also have a lot of passwords to remember for my work life, which is entirely separate from my home internet use.

The conversations this week revolved around the safety of letting your browser fill in your passwords.

How safe is it? (Spoiler…not very safe)

Every browser has its own way of keeping your logins and passwords secure. I use Google Chrome, but Microsoft Edge and Mozilla Firefox do pretty much the same thing.

The consensus is that storing your passwords in a browser is convenient, but also quite risky. Also, if you create an account and sign in to the browsers, you can choose to sync those passwords to the cloud so they’ll be available if you log into that same browser on a different computer or tablet or phone. Again, convenient, but risky.

Browsers are notoriously at risk of leaking your data through exploitable vulnerabilities. I’m not sure most people are aware that browsers like Chrome issue major updates monthly, with minor updates even more often.

Most of the time, those updates happen in the background, but they can’t be fully applied unless you quit and relaunch the browser. This is why it is very critical that you keep current on your browser updates.

Everyone must weigh their tolerance for risk vs. convenience when dealing with their online lives.

My thought is to let the browser remember my login and password information on sites that don’t utilize any financial information.

I don’t mind letting Chrome remember my New York Times login, but I certainly don’t have it filling out my online banking logins or even my shopping accounts like Amazon.

If the account deals with any of my money, I don’t let the browser remember anything, including the username.

Also, I’ve mentioned this before, but it bears repeating – please turn on two-factor authentication when it is offered.

Two-factor authentication adds a second layer of security to your accounts by requiring two methods of authentication before allowing access.

To put it simply, using two-factor authentication means entering your login name, password and then having a code sent to your phone that you enter on the screen. This means you not only know the login credentials but have possession of your phone as well.

If a hacker manages to steal your password, they will still need your phone to finish the login.