Column: Understanding browser convenience vs. security

Q: Is it safe to have my browser save passwords?

This question illustrates the ongoing challenge we all have to face when it comes to balancing convenience with security.

Having your passwords stored in your browser is certainly a big convenience, but no matter how you look at it, the price you’ll pay is some level of security.

Technically speaking

If you never save a password in your browser, technically speaking it’s certainly safer, but what you really need to do is weigh the actual risks against the convenience.

How and where you use your computer should also be a consideration as a laptop, smartphone or tablet is much more likely to be lost or stolen then a desktop computer in your home or office.

Saving passwords on your home computer that only you use is far safer than saving passwords on a mobile laptop that your whole family shares.

Saving passwords on benign sites that contain very little personal information is also less of an issue than saving passwords for any of your financial institutions.

Built-in security

Every major browser offers some form of encryption that securely stores the saved passwords on your computer, but we don’t really know exactly how “hackable” their security may be.

The reality for most of us is that we’re a lot less likely to be the victim of a hacker that’s specifically targeting saved browser passwords then we are to be the victim of theft or a lost device.

A stolen device loaded with a plethora of saved passwords is a cyberthief’s dream, so it’s imperative that you setup some form of access code and auto-locking feature to reduce the potential damage should it go missing.

Installing some form of remote tracking and deletion software, such as Prey, on all your mobile devices is also a good idea, whether you’re saving passwords on them or not.

To sync or not to sync

Another “convenience” feature you’ll have to decide whether to use or not is the browser “syncing” option.

Syncing allows you to share your browsing history and passwords across all your different devices, but in order for it to work, your information has to be stored by the browser company on their servers.

Once again, they offer various levels of encryption and — with the exception of one company, Opera — we’ve yet to hear of any breaches of this particular secured data, but you’ve technically added another way to be exploited.

For its part, Google has created a central place that allows you to manage what passwords the Chrome browser saves, which you can also password protect separately with a sync passphrase through your Google account.

A better way

Security experts all tend to agree that if you’re going to use software to store your passwords, using a dedicated password storage tool such as LastPass, KeePass or RoboForm is more secure than using your browser to store your passwords.

Products that focus solely on protecting passwords instead of relying on browser developers that have to focus on many other things besides security should provide you with a better layer of security.

Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on his Facebook page or on Twitter.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up