Site icon Panda Security Mediacenter

This is how a browser saves your password (and it is not secure)

navegadores

It is much more convenient, of course. You are at work, in front of your computer, and the browser offers to memorize the passwords for the services that you use. Out of laziness, you give it the OK. Now you will not have to enter the passwords for your email, social network or favourite online store every day.

It is not only convenient for you, but in principle it is much more secure. If malware capable of capturing keystrokes (a keylogger) ever lands in your computer, it will not be able to disclose your passwords.

However, asking the browser you use at work to save your passwords could be a disastrous idea.

One of the weak points of storing passwords in your browser is that, obviously, it saves them somewhere. In addition, remember that you are at work and surrounded by colleagues. One of them could be waiting for you to get up from your workstation without locking your computer in order to carry out the famous David Hasselhoff attack on you (taking advantage that you are not there, someone changes your desktop wallpaper to the ‘Knight Rider’ star with very little on). If they can do this, bear in mind that they could do worse things.

Without going any further, anyone could take advantage of your computer being unlocked to access the password file saved by your browser. It is not difficult, in Chrome you just need to go to chrome://settings/passwords to see the passwords that the browser has saved. A couple of clicks and anyone can find out how to access your mail, social networks, and every site for which you have decided to save the password through the browser.

However, leaving your computer locked does not guarantee that your passwords cannot be stolen. There are other methods.

There is probably a computer engineer working at your company. Do you get on well with him? If you had to think about the answer and you usually save your passwords in the browser, think twice about it. It is not that he is going to search you, but if he wants to give you a fright, he can.

Passwords stored by browsers are, in one way or another, on your computer. Even though they are encrypted and in a hidden place, with enough knowledge it is not so difficult to access them. The right malware could bring them to the surface.

Of course, remember too that not just any password will do. Worrying about where your passwords are stored is not worth much if you use the same one for everything and it is ‘12345’. In this case, there is no need for a cybercriminal to attack your computer or a lapse of yours to allow a colleague to use your computer.

Exit mobile version