Passwords, to save (in browsers) or not to save….

Dear Mark,

I was talking to a friend, Rick,  about security for  passwords on the laptop.

He told me to go to Firefox. See Options, Security, Saved Logins and there were a whole list of my saved passwords for anyone to see in the computer.

Same with Google going through Settings.

I did not realize saved passwords were stored on the laptop.


I replied:

1.
Don’t save passwords in Chrome, these will get copied into Google’s cloud

If you’re Google account gets hacked, then ALL these passwords are available to the hacker…

Also go to : https://passwords.google.com

Go to saved passwords, delete them all. Then switch off the sync’ing setting, this will prevent further accidental saving of passwords to Google from Chrome usage.

At the end when you enter https://passwords.google.com your screen should look like this, make sure the bottom line “Saved passwords” looks like this:


2.
If you want to save passwords on the PC, then use FireFox and add a Master Password to protect them. Click this link for the official tutorial

  • Three lines icon (top RHS) – [this is the Menu icon in FireFox speak]
  • Preferences
  • Security
  • Use Master Password

In effect you use two browsers, Chrome for your Google intensive work where you get the tight integration and FireFox for your general with password protection for locally stored passwords. If you don’t get a Mozilla account then there is no risk of them ending up in Mozilla’s cloud either. If you use a Master Password on your computer then passwords are held on the machine encrypted unless you enter your master password when you first start using FireFox.

To more fully appreciate the risks, then read what the FireFox Senior Security Engineer has to say which is the first reply

https://www.reddit.com/r/firefox/comments/2yl09k/how_secure_is_the_firefox_master_password/

Password management is a game of two halves, pain in the neck or the same pain but slightly further down.

Next in my password article series is here:

http://www.totnesit.com/hate-passwords-love-deterministic-password-generators/

Share Button
This entry was posted in Passwords and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *