Saving passwords to Chrome may be quick and simple, but is it the right thing to do? We all know that remembering passwords is the bane of our internet lives. Security experts, such as IT Managed Services Providers, along with IT security companies, repeatedly state that passwords are typically the weakest link in any business security model. Photographic memory aside, human beings struggle to hold multiple unique passwords in their heads. Therefore, anything that provides a shortcut is welcome.
So, when a web browser such as Google Chrome offers to save, for example, your Office 365 password, you accept it. Bright idea?
Is Chrome the way to go?
Whilst there is a veneer of security with Chrome, in that it hides these passwords until you enter your PC or Mac login password, this article shows how a hacker with minimal nous can very quickly crack this – and hey presto, they have your saved passwords!
Scary, right? Well, it scares me that I often encounter this when working with businesses.
On a daily basis, I talk to my clients about the balance between usability and security when assessing the overall security score for a business.
Clearly, having unique complex passwords (along with two-factor verification) for each account is the goal – which is why password managers are so important.
Another scenario to consider is where more than one person is using a computer, logged in as the same user. One user logs into their Office 365 account and absent-mindedly clicks yes when Chrome offers to save their password.
Then another user logs into their Amazon account and the same thing happens. Unless you go into the settings of the browser and remove them, these passwords will remain in the browser forever. You may have only used that computer for half an hour and never use it again, but a key piece of data (your password) stays long after you have moved on and probably forgotten about it. Then the machine gets a virus and a hacker gets control of the machine. Happy days.
Our aim is to keep people safe online and there are three takeaways from this blog.
1. NEVER save a password in a web browser.
2. If you do not use one yet, speak to ITGUYS about password management software.
3. When using a computer that is not yours, use incognito or private browsing to minimise any chance of your passwords or sensitive data being compromised.
If you’d like to discuss the above and how we can help, simply get in touch by giving us a call on 020 72 41 22 55 or fill out our contact form and we’ll quickly get back to you.