Spyware, Viruses, & Security forum

General discussion

Is it safe to store website login info in browsers?

Maybe a good question to ask your readers. For convenience, I often save my website login credential (username/email and password) in both browsers I use (Firefox and Chrome) and it has served me well over many years. However, recently my friend saw me do it and he told me that it wasn't a good idea to store any passwords in the browsers as I am just asking for my information to be compromised by hackers. Ever since then I have been scared to store anything in my browsers again. Is my friend correct that storing that information in my browser makes it easier for hackers to steal my login information? If that is the case, why do Firefox and Chrome offer such a feature? Shouldn't they look out for their customers if it is this vulnerable? What do you think? I'm sure others are using this feature and if it is a bad practice, maybe others should be warned too? Any information offered is appreciated.

--Submitted by Shiela P.

Post was last edited on December 14, 2018 5:12 PM PST

Post a reply
Discussion is locked
You are posting a reply to: Is it safe to store website login info in browsers?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Is it safe to store website login info in browsers?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
There is a better way

In reply to: Is it safe to store website login info in browsers?

Firefox, at least, by default stores your passwords only very lightly "encrypted" that can easily be seen by any hacker. You can get an extension to make them harder to see. But a better idea, imo, is to get a password manager. Several good ones are free and can be used on computer and phone. Several others are not free, but quite reasonably priced. These managers help you do several things better: Less guessable passwords, no passwords shared between sites, some of them even remind you when it's time to change passwords; many also make it easy to securely share your passwords between your browsers, your computers and your phones.

Look here: https://duckduckgo.com/?q=password+managers&t=h_&ia=web

Collapse -
How is a 'password mngr' safe?

In reply to: There is a better way

How is a 'password manager' any safer that anything else?

Collapse -
Reputation

In reply to: How is a 'password mngr' safe?

There are several secrets. For one thing, the entire list of user names and passwords must be encrypted using a strong master password. Not just using the password for access, but by using a strong encryption technique. The issue is also that many websites do not necessarily use proper techniques to store your password. So, if your bank reminds you of what your password is, stay away. I remember in one class, companies use a .TXT file to hold these and not encrypted. Credentials stored in your browser are not even password-protected, least of all, encrypted. So, what it all boils down to is that the product (password manager) should realize that a hacking of their data could be catastrophic to them. There are ways to program safety and many projects get people who are rushed for time and make mistakes or simply sacrifice security for time in the "rush to market".

Nothing is going to be 100% fool-proof. However, if it is going to take an expert two years to hack your information, there are other uses of their time. So, its a matter of reputation and trust but, storing passwords in a browser is just NOT cool if someone gets access to your computer by any means.

Collapse -
How can anyone trust a 'password manager'?

In reply to: There is a better way

It blows my mind that so many folks just trust these

Collapse -
You know a better way?

In reply to: How can anyone trust a 'password manager'?

Obviously, one must choose the software very carefully. I have around 250 accounts/passwords, some trivial, some vital. If I had to remember every one, I'd only use a couple of passwords or have to write them down. For your most important sites, where 'strong' passwords (random numbers, letters, symbols) are essential, they should deliberately be impossible to remember. So a trusted password manager, where you can also store many other important (to you) data, is the best solution I know. The right one can also help manage your digital legacy. Of course, the password for the password manager should be complex, unique and never stored in browser or anywhere else! A good password manager will also have a recovery method with a delay eg you will get notified for, say,14 days before anyone trying the recovery key (like your next of kin after death) can succeed if you don't intervene.

Collapse -
Depends on which logins you're saving

In reply to: Is it safe to store website login info in browsers?

I guess it depends on the website you're logging into. I don't store my login info for things like my banking account, but less crucial sites such as Cnet I have no problem saving. Otherwise I would spend half my day just logging in.

Post was last edited on December 15, 2018 3:50 PM PST

Collapse -
Also Make Sure You Don't Use the Same Password

In reply to: Depends on which logins your saving

If you use the same password for some, most or even ALL of your websites, it is NOT a good idea to store that password anywhere. The only exception would be a tried-and-true password manager.

Collapse -
Saved Logins

In reply to: Depends on which logins you're saving

I agree. I use one password manager for websites that I visit and have logged into on a regular basis and don't store banking info in the cloud.

Collapse -
Banking Info

In reply to: Saved Logins

My bank does banking in person, through the web and through an app. My Banking Inormation is not stored in a cloud (I hope) but on one of the banks dervers. Even if I didn't connect to my account, the information would STILL be on their servers. So, my security is up to them. You really don't have a choice.Same with any company, really. The data is on their backend.

Collapse -
Use A Password Manager

In reply to: Is it safe to store website login info in browsers?

I never save logins in the browser. I use Roboform Everywhere. Many folks use LastPass or other password managers. I simply suggest that you get one and use it instead of saving it in the browsers.

Collapse -
Agree with password managers

In reply to: Is it safe to store website login info in browsers?

Another good reason to not let the browser remember your passwords is if your machine ever gets stolen, or some other way someone not worthy of trust gets access to it. If your machine automagically fills in the passwords then that makes it easy for someone to log in to your important sites.

I let my browsers remember sites like forums and other places that nobody could really hurt me with. But, I always type in or copy from a password manager for email, banks, Amazon and any shopping site, logins to control and maintain my website, etc. All of my important passwords are unique and at least 20+ characters long.

Yes, it can be a pain to type in a long password, especially on a phone. But, usually Copy&Paste from the password manager works around that.

I've been using a paid product, SplashID, since the late '90s. I like its flexibility. Every once in a while they offer their online service for a one-time fee. I consider it very much worth the price. But, as griswolf says, there are free alternatives that are very popular.

Collapse -
Extremely Good Point

In reply to: Agree with password managers

Too many computer users are so into ease-of-use and convenience, that they wish they didn't need passwords at all and would rather not have security (yes, I've seen posts by some that want to get rid of logins). I ask these people the same question. What happens if you lose your laptop or, most likely, it gets stolen out of a car or someone has a break-in at their home or at work and a computer is stolen. At least with a password manager, you still have to login to that. I use Roboform (paid for version).

Collapse -
Tip for using any password manager

In reply to: Agree with password managers

I forgot to include this. A rule I have enforced on myself that I find has saved me frustration several times.

Rule: When creating an new account, always stop and add it to your password manager before typing the password into the website form. If all on the same device (phone, computer) then Copy&Paste the password from your password manager into the form. That way you're certain that the passwords match.

Multiple times, I've been in a bit of a hurry, and it's a site I don't think I'll need to log into again. And I considered just plowing on without bothering to save it. Or, "I'll do that in a minute." But, I'll stop myself and put it in my password manager, and it turns out it was useful that I had disciplined myself to save it. I also include any other unique info, like security questions and answers, account numbers, etc. I also use mine to record serial numbers for software and hardware. My password manager can store an attachment, so sometimes I'll take a picture to store the serial number.

But, the main thing is: Always create the record in your password manager prior to moving on to creating the new account.

Collapse -
Good reminder. However ...

In reply to: Tip for using any password manager

Some sites won't allow copy/paste. IMO that's a good thing because BFBI attacks will use c/p if available. So, best practice is to type each time.

Also, make sure that the site will accept your special characters. E.g. some won't take the up-caret, so I never use it.

Collapse -
Interesting.

In reply to: Good reminder. However ...

All my passwords are long and in Welsh. Wait! Damn you Patagonia. Laugh
Dafydd.

Post was last edited on December 21, 2018 4:54 PM PST

Collapse -
That's unfair. You guys got no vowels!

In reply to: Interesting.

Patagonia?

You may know of US TV program Jeopardy.
Yesterday the Final Jeopardy was 'a poet, born 1914, born at such and such street address.' I got it: Thomas! How? The street name was clearly Welsh.

Collapse -
Doug,Doug, Doug.

In reply to: That's unfair. You guys got no vowels!

I 'splained to you years ago. We have two more than you.
Dafydd.

Collapse -
(NT) LOL!

In reply to: Doug,Doug, Doug.

Collapse -
CTRL + V

In reply to: Good reminder. However ...

To Paste a password when signing into a website try using Ctrl + v together.

Collapse -
Yes, Ctrl-V is paste.

In reply to: CTRL + V

However, the more secure [IMO] sites won't allow that. It makes the automated crackers work that much easier.

Collapse -
yes, but..

In reply to: Yes, Ctrl-V is paste.

The odd thing is that sometimes ctrl-v will work when selecting paste from the right click menu does not. I have no idea why that is.

Collapse -
what browser

In reply to: yes, but..

What browser are you using when you say" when selecting paste from the right click menu does not"

Collapse -
Firefox

In reply to: what browser

I use Firefox. Maybe an extension is interfering someway?

Collapse -
I'm as lazy as the next guy, so I think I've tried both

In reply to: yes, but..

over the years. In the event, I'm more confident in a site that doesn't allow it.

Collapse -
Roboform Has Copy/Paste

In reply to: Good reminder. However ...

You can use copy and paste but, at least with Roboform, it directs the userid and password into the login form (called "form filling"). But you can do what you want with it, I guess. Direct form-filling is easiest without compromising safety.

Collapse -
(NT) Yeah, that's Roboform's selling point, isn't it?

In reply to: Roboform Has Copy/Paste

Collapse -
Preventing Paste is annoying and useless

In reply to: Good reminder. However ...

A site not allowing paste "for security reasons" is dumb, in my miniscule opinion. If a hacker can intercept Copy&Paste then you have a much bigger problem. That can only be accomplished by software actually running on your computer. If they have that access, then you're completely compromised. They can just watch you type, too.

Collapse -
If I can copy/paste so can a bot,

In reply to: Preventing Paste is annoying and useless

so trying many passwords just got easier, right? If I gotta work, the bot's gotta work, is my view. Happy

Collapse -
Not unless you you're infected with malware

In reply to: If I can copy/paste so can a bot,

No, they can't steal your password from the clipboard unless you have malware running on your machine. In which case, they can watch you type, too. There is no security advantage for a website to not allow paste. In fact, except for maybe a game, I can think of no instance where preventing paste is useful.

Collapse -
LastPass Has Worked Well For Us

In reply to: Is it safe to store website login info in browsers?

LastPass is a very good free password manager. It comes as an add-on or "extension" to Chrome, IE, Edge, Firefox, etc. Make up a good, long, strong password you can remember as the "master" password for signing into LastPass, then let LastPass remember your username and password for all other websites that you OK. It can also generate passwords for new websites you visit or existing websites where you want to change/update your password. I can go from laptop to phone to PC and use LastPass on each of them, so that's very convenient.
AVAST free anti-virus (and the premium paid version) has its own Chrome-based AVAST Secure Browser. Basically, it's a security-enhanced version of Chrome browser and it includes what AVAST claims is a very safe and secure password manager. Maybe worth a look.

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

SMART HOME

This one tip will help you sleep better tonight

A few seconds are all you need to get a better night's rest.