Today, it is common knowledge that we can store passwords in our internet browser. The password is filled in automatically when we return to a site where we have saved the credentials, saving us the time and effort of re-entering the data.
One of the great advantages of this system is that if, for example, you save your passwords in a Firefox desktop browser while signed in to your account, they are synchronized. Thus, when you use your mobile browser, the saved passwords are already there and you can use them in the same way.
Browser password management is very convenient and simple, yet it has some drawbacks compared to a stand-alone, external password manager program (such as Passbolt, LastPass, and Bitwarden). In this article, we will take a look at the differences between these two options.
Advantages of a stand-alone password manager
Firstly, passwords stored through the browser can only be used in that browser type (whether Firefox, Safari, Chrome, etc.). The saved credentials are not available across different browsers, which creates difficulty when changing between devices.
This is where stand-alone password managers already make a big difference. The vast majority of password managers are compatible across different browsers and platforms. It is as simple as installing an extension in any browser, and the password management will work regardless of the device you are using.
Password management tools also have the great advantage of being able to share and synchronize across multiple users. So if your teammates or work colleagues need access to the same tools, you can share passwords with them without any problem. This makes the different platforms and tools much more accessible to other users. You can also share the username and password of important accounts used for the operation of the company, where necessary.
What about the security?
The browsers currently on the market take security seriously. However, the reality is that very few people log out of their browser at the end of a session. This leaves the passwords exposed and without any encryption, so any other user who has access to the computer can see them with nothing to prevent it. Similarly, if malware is able to log into a user’s account, it has access to all of the saved credentials.
Examples of such malware include Redline, which affects Windows, and XLoader, which affects both Mac and Windows. Redline has demonstrated the capability of stealing all the usernames and passwords saved in browsers, as well as credit card information. It can also detect the security measures installed, the hardware in use, and the geographical location. On top of all this, Redline can also steal cryptocurrencies.
Password stealing programs are quite common. There are free and easily accessible programs of all kinds that allow stealing of browser data for Windows, Mac or Linux, so it is more of a real danger than we think.
In order to access a password management program, there is usually a master password which has to be entered for the encryption and decryption of saved passwords. This is done locally on the device so it does not require any interaction with the administrators of the password manager at any time.
What does this mean? Only the user has access to that account and to what they save in the password manager, through their master password. The administrators of the password management system do not have access to the user’s saved passwords, unless the master password is shared with them for security purposes.
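The local encryption described above can be sketched as follows. This is an added example, not code from the article or from any of the password managers it names; the scrypt parameters, record layout and sample values are assumptions chosen for illustration. It uses only Node.js built-ins to show that the stored record is useless without the master password.

```javascript
const crypto = require('node:crypto');

// Constructed scrypt cost parameters for illustration, not any product's settings.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the master password into a 256-bit key. The salt is per record and not secret.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword.normalize('NFKC'), salt, 32, KDF);
}

// Encrypt one credential on the device. The returned record is all a sync server stores.
function encryptEntry(masterPassword, site, secret) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  cipher.setAAD(Buffer.from(site, 'utf8')); // bind the ciphertext to its site label
  const ct = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  return {
    site,
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    ct: ct.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
  };
}

// Decrypt on the device. Returns null for a wrong master password or a modified record.
function decryptEntry(masterPassword, record) {
  try {
    const key = deriveKey(masterPassword, Buffer.from(record.salt, 'hex'));
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'hex'));
    decipher.setAAD(Buffer.from(record.site, 'utf8'));
    decipher.setAuthTag(Buffer.from(record.tag, 'hex'));
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'hex')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null; // GCM tag check failed: nothing is released
  }
}

// Constructed sample values.
const record = encryptEntry('correct horse battery staple', 'shop.example', 'S3cret-constructed');
console.log(decryptEntry('correct horse battery staple', record));
console.log(decryptEntry('wrong master password', record));
```

The master password and the derived key never appear in the record, which is why the service operator holding it cannot read the saved credential.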
Many stand-alone password managers also offer advanced security options such as two-factor authentication, biometric authentication, etc.
IT security and systems managers are not always able to apply password policies in each and every application that a company provides. This means that they cannot be certain how secure the passwords used in the company are. With this in mind, most successful attacks on data privacy are due to poor password management by users (80% according to Verizon DBIR). Also, according to the WEF study, 95% of IT security breaches are due to human error. This is why companies should prohibit the storage of passwords in browsers.
Reasons to use a password manager instead of a browser
It is true that storing passwords in the browser makes our lives easier, since it is very hard to remember the dozens of passwords, if not more, that we need in our daily use of technology. The browser's ability to store them and make them easily accessible is convenient for us.
But if we want to enhance our security, for both business and personal activities, under no circumstances should we store passwords in our browsers. The browser offers very few guarantees and can be a source of problems. An external password manager, such as Passbolt, Bitwarden, or LastPass, allows individuals and organizations to create more secure passwords and thus improve their online security.
By using built-in random password generators to replace old passwords, we can protect ourselves from data attacks, increasing both our own online security and that of our company. It is not sufficient to just store our passwords; it is also necessary to change them from time to time and to learn to take care of security in our digital life.
At Orienteed, we carefully supervise the security of our systems and projects with our customers on a daily basis. If you want to improve the security of your ecommerce through our Technical Office team, please do not hesitate to contact us here.
Technical Office Specialist at Orienteed.