You've successfully subscribed to Lambda Stories
Great! Next, complete checkout for full access to Lambda Stories
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Should You Trust Browsers to Handle Your Credentials?

Cyril Darko

The technologically advanced world we live in today has made storing information easier, faster and more convenient. It’s really hard to find people born into this technological world, struggling to keep usernames and passwords or any other related credentials in their brains, diaries or any old-fashioned way of storing information in the past.

Today, data is stored in the cloud, where cloud service providers save them in their data centers around the world and users can retrieve their information anytime and anywhere across the world over the internet. Amazing right? Now, the browser has become the most used tool to save passwords and other security related information. You may want the browser to remember form entries with auto-fill features or passwords to your bank accounts and also save your credit card details and other payment method credentials for convenience. Is this method of storing information safe?

First, technology hasn’t made anyone dumb, there’s just too many things to think about and a lot to be done. You just don’t want to add the trouble of keeping usernames and passwords for every account you sign in; Netflix, Facebook, Twitter, School portal, email among many other numerous accounts you sign in daily. These days, the ability to keep track of passwords and login credentials in general, is a feature for modern browsers as a built-in functionality which gives us the luxury to use our brain to do more important things or keep relevant information.

How Modern Browsers Have Made It Easier

Storing your passwords or login credentials in your browser is the most straightforward way to log in to your account instantly. You don’t have to download an extra app to have such functionality, and it’s free. Your passwords sync automatically together with all of your other data. Once you sign in to your browser on a new device, your passwords are readily available for use. There’s no subscription for these built-in services. Your saved/synced data is secured by various encryption methods, example is the two-factor authentication features. For example,Chrome’s built-in password manager is tied to whichever Google account you used to sign in to the browser. When you’re signed in, passwords synced to your Google account and are available in Chrome on your PC or Mac, on Android devices, and on iPhones. If you’re not signed in (online), passwords are saved locally (cached in your PC).

You have the ease to use the convenient auto-fill features; you can use the form auto-fill when filling a form, this would be based on the past forms filled with same input names and so the browser saves your form information. In this case, you have entrusted your browser to store your personal information safely. Also, you can save more than one password across multiple devices as well as answers to security questions, shipping profiles, memberships and a lot more. We can say the browser is saving us the trouble of keeping all these information which we would have, otherwise, kept in our brains or in diaries which may be a pain to carry around.

What Could Go Wrong If You Save Your Password in Browsers

An average internet user must have created numerous accounts and probably, creates more every week and must be accustomed to the regular pattern and requirements of password validations; at least 8 characters, containing letters, numbers and a minimum of one character. You become so used to it that you don’t even check the requirements anymore.

But no matter how strong your passwords are – unique and complex password combination, there is always the risk of having your credentials stolen when visiting malicious websites. There are many different types of malware and the functions they perform. In modern web development JavaScript malware is exploited more and it comes in many forms, but password-stealing trojans have been used the most for getting login credentials. By luring users to malicious websites and installing password-stealing trojans, attackers can collect login credentials or sometimes, acts as browsers.

Trojans are often disguised as legitimate software but they are designed to inflict harmful actions on the users' system or network. They conceal or mislead users of their true intent and when persuaded to install, they execute their mission, in this case, steal relevant information from the users' browser or system as well as information about the users’ network activity.

Browser-based password managers do a good job at storing passwords, but they are more prone to malware attacks conducted through JavaScript malware. Most browsers do not offer a way to check for vulnerabilities or alert you if your account was part of a data breach, except a few self-respecting ones.

Should You Trust Your Browser with Your Password?

Well, if you ask me, I will tell you nothing is unshakable but we can do a few things to protect our privacy. If you tend to use different browsers on your devices, you will have to update your passwords for each browser separately when you do your regular password change. For security-minded people/users, that means changing your passwords regularly, at least every 3 months. While using different browsers to store different information is a good way to go, it might also become a cumbersome task, especially if you use more than 3 different browsers. Here, I would say you shouldn’t keep all your eggs in one basket – you get the idea. For example, if you're interested in privacy and safety, you can decide to search for browsers with the best security track record and use those for doing things like online banking and also to store credit card details. This process is not always reliable but at least you get to be a step ahead and alert. If you would agree with me that nothing is unshakable, you will be security conscious and these few procedures will guide you live a peaceful life.

Cyril Darko

Full-stack web development, Technology, Entrepreneurship and Environmental Science.