I visited a website today and after the registration and login process on that website prompts me, “Hey man, can I get the permission to remember (save) your login details?” And, as normal, my brain has triggered and I began to worry about whether or not I have to press the enable button.
Is a browser whose main task is to just search, and not as a password manager, really capable of saving my password? I’ve asked my brain that question.
My brain responds to me that “Hey duffer, you’re sitting in front of a computer screen and the browser is there on that computer to answer your question, so go ahead and look for it.”
You’ll will get the following information after exploring this topic.
For ease, password managers built into browsers are mainly there, and security plays a lesser role. The explanation for this decision is that, instead of a system that is more reliable, but more difficult to use, frequent users are more easily persuaded to use a system that is easy for them.
Pros of it being used:
You have it already. These days, everybody uses a browser, and all big browsers come with password managers built in. This means that the barrier to entry is unbelievably low from the point of view of a daily consumer.
It discourages reusing passwords. People don’t want to remember passwords, so they won’t remember one password per site for sure. If, upon login, the browser automatically recommends a strong password, then the user would not be tempted to reuse an existing password for it. In addition, if hashes are ever compromised, the passwords proposed by the password manager will probably not be broken by any attackers.
Cons of it being used:
It’s not protecting itself from local attacks. Attackers who may have access to the user’s computer (think jealous girlfriend, not a government agency) may be able to easily obtain the passwords. With browser access, for example, if a user has forgotten to lock their computer, all passwords can be read out in minutes. Local attacks are not something every user is concerned about, it should be remembered.
Someone could be able to break into your Google account, sign into Chrome, and get access to all your passwords as well.
There is no “master password” (other than your OS password) to secure them if your device is accessed by anyone.
On Linux, even without requiring a user password, Chrome will allow users to access saved logins (unlike on Windows and macOS, where a user password is required). Firefox, on the other hand, offers instant access to certain passwords, regardless of device, without authentication (unless a master password is set). Like Chrome, behind a user’s password, Safari at least hides passwords.
How to get passwords saved by the browser without understanding the device’s OS password.
There are ways around the password prompt, however, even on the Windows and macOS operating systems. For example, using the browser’s Inspect Element window, you can modify a page’s code so that a user’s password is un-hashed. In order to do this:
- Right-click on a website in the password area.
- Pick Element Inspect.
- Double-click the “password” option and replace the password with text.
- Hit Enter, and the Element Inspector is closed. Your password will be unhashed and revealed to everyone.
It would be okay to save the less relevant website passwords, but it would be risky for you to save the passwords of banking websites, social networking websites, and all other significant websites.