Saving passwords to Chrome or any other browser may be quick and simple, but is it the right thing to do?
We all know that remembering passwords is the bane of our internet lives. Security experts, such as IT Support companies, along with IT security companies repeatedly state how passwords are typically the weakest link in any business security model. Photographic memory aside, human beings struggle to hold multiple unique passwords in their heads. Therefore, anything which provides a short cut is deemed welcome.
So, when a web browser such as Google Chrome offers to save, for example, your Office 365 password you accept it. Bright idea?
Is Chrome the way to go?
Whilst there is a veneer of security with Chrome, in that it hides these passwords until you enter your PC or Mac login password, this article shows show how a hacker with minimal nous can very quickly crack this – and hey presto they have your saved passwords!
Scary right? Well, it scares me that I often encounter this when working with businesses.
On a daily basis, I talk to my clients about the balance between usability and security when assessing the overall security score for a business.
Clearly, having unique complex passwords (along with two-factor verification) for each account is the goal – which is why password managers are so important.
Another scenario to consider is where more than one person is using a computer, logged in as the same user. One user logs into their Office 365 account and absent-mindedly clicks yes when Chrome offers to save your password.
Then another user logs into their Amazon account and the same thing happens. Unless you go into the settings of the browser and remove them, these passwords will remain in the browser forever. You may have only used that computer for half an hour and never use it again, but a key piece of data (your password) stays long after you have moved on and probably forgotten about it. Then the machine gets a virus and a hacker gets control of the machine. Happy days.
Our aim is to keep people safe online and there are three takeaways from this article.
- NEVER save a password in a web browser.
- If you do not use one yet, speak to your IT Support company about password management software.
- When using a computer that is not yours, use incognito or private browsing to minimise any chance of your passwords or sensitive data being compromised.