By now, all browsers give you the option to save your passwords. The feature is enabled by default, and it’s a convenient way to store passwords and synchronize them across devices. But is it also safe? In what follows, we present some of the security risks of browser-based password managers and the advantages of using a dedicated password manager.
Pros and cons of browser-based password managers
Storing your passwords in your browser is the most straightforward way to log in to your accounts instantly. It’s an integrated functionality, so you don’t have to download an extra app, and it’s free. In addition, your passwords are kept in sync across all your devices. However, if you tend to use different browsers on your devices, you’ll have to update your passwords for each browser separately when you do your regular password change. For privacy-minded users, that means every six months. It might become a cumbersome task, especially if you tend to use three or more different browsers.
Speaking of password change, you need some creativity to come up with new passwords. Unlike dedicated passwords managers, browser-based password managers do not integrate a complex password generator. Some browsers, such as Firefox, offer suggestions for random passwords, but they do not allow customization, such as choosing a specific length or specific characters.
If you enjoy the flexibility of using different browsers, you should consider a dedicated password manager. Cybersecurity experts recommend using multiple web browsers, each for different activities. It is not only convenient, but it is also beneficial for your privacy and safety. For streaming, your priority might be speed, while for online banking, you might prefer the browser with the best security track record. Following popular wisdom, you shouldn’t put all your eggs in one basket – or keep all your cookies in one browser.
Should you trust your browser with your passwords?
We all know how important it is to have unique and complex passwords. If you are an average internet user, you probably create a new account every few weeks, and you are used to setting passwords that have at least eight characters, containing both letters and numbers and at least one special character. You’re probably so used with this mix that you don’t even check the requirements anymore.
But no matter how strong your passwords are, there is always the risk of having your credentials stolen when visiting malicious websites. One of the most common forms of attack is installing malware using drive-by-download attacks. JavaScript malware comes in many forms, but password-stealing trojans have been used the most for getting login credentials. By luring users to malicious websites and installing password-stealing trojans, attackers can collect login credentials, as well as information about the users’ network activity. Browser-based password managers do a good job at storing passwords, but they are more susceptible to malware attacks conducted through JavaScript malware. They do not offer a way to check for vulnerabilities or alert you if your account was part of a data breach, as dedicated services do.
Dedicated password managers offer advanced security features and, because they are primarily designed with security and privacy in mind, they abide by higher security standards. Browser-based password managers are extensions of browsers, and their primary purpose is to offer more convenience when surfing the web. They save each password and provide a quick autofill feature, but this comes with many risks. Any person who gets access to your device can log in to your apps and accounts.
Why should you consider a dedicated password manager?
Dedicated password managers provide an additional security layer with the master password, which is often coupled with two-factor authentication. You only need to remember one master password to access all your other passwords, which can be as long and elaborate as you want. Recently, Firefox added the option to set a master password in its password manager for Firefox, called Firefox Lockwise.
Stand-alone password managers include security status checks, alerting you when passwords need to be changed and providing highly secure auto-generated passwords. Password hygiene has become an important topic for the billions of people who has a presence online, so much so that we now have an International Change Your Password Day. Also, most services go beyond storing passwords and let you keep notes, documents, or IDs. The password manager’s vault can store sensitive information securely, using advanced encryption.
Avira Password Manager, the best free password manager
The advanced functionalities of a dedicated password manager are not always available for free. However, Avira offers a free password manager with all the key features you need. The free version allows you to store unlimited passwords, notes, and credit card data in your digital wallet, which comes in handy if you often shop online. Avira Password Manager uses the most advanced 256-bit AES encryption standard and provides two-factor authentication (highly recommended). The free version also provides limited security checks, while the pro version offers complete security checks for all your passwords and alerts in the case of breaches.