Why you should NOT use your web browser password manager


As the schemes used by cyber criminals and hackers to evade cyber security measures continue to evolve, it is important for all users of online services to keep up with their tactics. You have heard, either through the media or our own College cyber security training, that a highly recommended practice is to use a password manager tool to keep track of the many online accounts and passwords that you have. Thankfully, at the College almost all services use the same login account and password. It is, however, a different story for the many other services you access.

There are many independent third-party password managers that are recommended; some examples are 1Password, Bitwarden and LastPass. There are paid and free versions that offer varying features. These tools recognize when you are logging into an online service and ask if you wish to store the password. Subsequently, when you access the site, the tool can autofill your account and password. For example, LastPass will present a prompt such as:

[Image: LastPass prompt]

Similarly, the common web browsers (Chrome, Edge, Firefox) offer pop-ups to store passwords within the browser itself. The Google Chrome prompt appears as:

[Image: Google Chrome password pop-up]

It is highly discouraged to use the browser-based tools that come with Google Chrome, Firefox and Microsoft Edge. There are inherent security risks in doing so. If a cyber criminal were able to access your web browser files, they could easily access the login account information stored with the browser. Stick with the independent tools such as LastPass. (Instructions for removing password storage and disabling the pop-up are attached to this post for the Chrome web browser.)

Apple's tool - Keychain - is more secure, and works well if you are exclusively a user of Apple products.  It is some work to integrate Keychain with Windows computers.  It is far simpler to use an independent password manager.

For additional information, these two articles provide some insights:

https://www.howtogeek.com/447345/why-you-shouldnt-use-your-web-browsers-password-manager/ 

https://fractionalciso.ca/browser-password-managers-flawed-security-by-design/
