Passwords

I’ve had a lot of clients with password problems recently – forgetting them, having them hacked, and so on.

Should I let my browser remember my passwords?

In short, yes. It saves you a lot of trouble, and it isn’t unsafe. But write them down somewhere secure as well.

People seem to avoid using the ability of most browsers to remember passwords, so that the right password is automatically filled in each time you visit the website’s login screen. Perhaps people feel that storing passwords in the browser isn’t a secure or sensible thing to do.

In fact, this is probably more secure than typing in the password yourself each time you visit the site.

The stored passwords are never shown “in clear” on your screen, so if your computer is infected by malware which is recording what you type into what webpage (using a keylogger), the malware doesn’t get to know your password. And as most browsers store your passwords in encrypted form, it’s hard for a virus to just read them off from where the browser stores them.

Remember that the stored passwords are saved within that specific browser (Chrome, Edge, Firefox, Internet Explorer, Safari, or whatever), so if you use another browser, or another computer/tablet/phone, the new browser won’t know the passwords (unless you have got them stored there as well).

So you might not need to type your password for a year or so, and it’s quite likely by then that you will have forgotten it, so it’s important to keep them written down somewhere safe (see below) as well.

Most browsers can be persuaded to show you the passwords they have stored – search for “passwords” in the browser’s settings/options.

Can someone crack, guess or steal my password?

If you only ever type your password into the correct, relevant, web site (and always check you are using the “https” protocol), you should be safe from eavesdroppers.

Check the HTTPS padlock!

Myself, I now only use randomly-generated passwords of twelve characters or more (I used to use eight-character passwords, but as technology speeds up, brute-force attacks have more success at identifying shorter passwords).
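To put numbers on the difference between eight and twelve random characters, here is an added example (not the author's code, and not how EnPass generates passwords). It assumes a 94-symbol alphabet of printable ASCII and a guess rate chosen purely for illustration.

```python
import math
import secrets
import string

# Assumption: letters, digits and punctuation, 94 printable ASCII symbols in all.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
MIN_LENGTH = 12  # the "twelve characters or more" rule from the text


def generate_password(length=MIN_LENGTH):
    """Draw each character uniformly from ALPHABET using the OS's secure RNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"use {MIN_LENGTH} characters or more")
    # secrets (not random) is the module intended for security-sensitive values.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Years needed to try every possible password at a fixed guess rate."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    rate = 1e10  # assumed guesses per second, for illustration only
    print("sample password:", generate_password())
    for n in (8, 12):
        print(f"{n} chars: {entropy_bits(n):.1f} bits, "
              f"{years_to_exhaust(n, rate):.3g} years to try them all")
    # Four extra characters multiply the work by 94**4 (about 78 million).
    print("12 vs 8 work factor:", len(ALPHABET) ** 4)
```

These figures only apply to passwords that really are random; a twelve-character password built from words or dates has far fewer possibilities than the calculation suggests.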

I use EnPass to generate and store passwords – it encrypts them and then stores them locally, and I keep three automatic backup copies, including one on my phone. (And even if someone knew my phone’s PIN, they’d still need the EnPass master password to read the copy stored on the phone).

For people who want to know more about passwords – how they leak out, and how to manage them securely – there’s a good article written by Emsisoft here.