I always have my browser store my passwords, is it safe?
It is very common amongst users to let their favourite web browser store their passwords for websites, email accounts etc. Whilst convenient for the fact you do not have to worry about inputting your password each time you visit a website and it saves time, there are also disadvantages to it as well.
- Other users on your computer can access your accounts easily if you are not logged out or your login information is saved.
- These passwords can often be found out by the use of password recovery tools.
- Browsers often do not use strong encryption for them, and furthermore as these passwords are system somewhere it makes them vulnerable to detection by various methods.
- By not thinking about your passwords everytime you log in, you are less likely to carry out the good practice of changing your passwords on a regular basis.
- By not regularly inputting your password in manually on a regular basis, there is a high chance that they can become forgotten causing problems further down the line when you do need them.
If you do want your browser to store your passwords for east of use, then we would recommend a good quality password manager rather than relying on your browsers built in password management as these tend to be more secure, however please note that there is still a risk associated with these however these password managers are becoming more and more advanced as they evolve.
What do you recommend for keeping my passwords safe?
As well as choosing very strong and secure passwords for your accounts of being:
- Unique to each account. i.e. not using the same password for more than one account
- A combination of upper and lower case characters, of both letters and numbers and symbols
- Not something that is easy to guess
We recommend that you keep a record of your passwords away from your computer written “in code” that you can refer to to look up again. If you write your passwords down in a book or similar displayed as you would input them and that book then became lost, then that too is a security risk so having them stored in some kind of code that is known to you minimizes that risk.
And finally…..another very good reason(!)…..
Often when systems are brought in for repair and a reset or a reinstallation is required, then it will usually require the user to input their password(s) again when setting the OS/email accounts/browsers up.
We have had many cases where users have not known the password for one account and have been unable to recover that very easily because they do not know the password for any other associated accounts where it can be recovered or reset from (or have access to that account on other devices) creating a vicious circle.
This problem can be magnified in certain situations such as when reinstalling Android on a newer tablets and it requires your Google account details to authorise it, or such as your Apple ID when reinstalling Mac OS on newer Apple Macs for similar reasons.
Keeping a record of these key accounts all helps towards minimizing the repair time.