I’m often asked by my computer support clients whether it is a good idea to let browsers save the logon credentials for websites

Knocking on Google login panelFrom the point of view of security, there are two types of threat to consider:

  • Anyone who has access to your computer might be able to use and/or steal your passwords. Only you can assess whether household members (or office colleagues, for that matter) pose a threat to your privacy and security.
  • The browser software could be hacked to reveal your passwords. I don’t, personally, know of anyone who has had this happen to them, but I have read several times on the internet that there is malware out there that can do it.

So, I can’t actually answer the question for you. I think it comes down to something we do all the time without even thinking about it – balance risk against convenience. If we wish to cross the road and we are on a quiet country lane then we are unlikely to walk 100 yards to the nearest pedestrian crossing. We might be prepared to walk much further than that for a safe crossing if it’s the Euston Road we are trying to negotiate.

I’d like to suggest a few questions that you might ask yourself to give you an idea of whether it is a good idea for you to save passwords in your browser:

  • Do you think that online banking is too risky? If so, I think your caution will probably extend to never letting browsers store passwords. Personally, I trust online banking and would hate to do without it but if I was cautious enough not to trust online banking then I certainly wouldn’t trust my browser to keep my secrets safe.
  • Would the consequences of someone finding a particular username and password combination be catastrophic? If so, it probably wouldn’t be wise to commit that specific password to your browser.
  • Do you tend (despite advice to the contrary) to use and re-use the same password(s) over and over again? If so, you must bear in mind the risk that discovery of one of your passwords could give someone access to other accounts. Committing even one username/password combination to your browser could expose many other accounts to being hacked.
  • Do you have children in the household? In my experience, households with children suffer far more from malware attacks than households without. I’m not blaming the children. I think it’s probably because the nasty scrotes that write malware know that children have less mature judgement than adults, less fear, a greater propensity to be led by others into visitng specific (dangerous) websites, a greater propensity to share online content (including malware) with each other, and so on. If your risk of catching ANY malware is increased, then it probably follows that the risk of catching malware that can find your passwords is increased.
  • Do you think that usernames and passwords give you a huge amount of grief in your online life? I know some people who seem to be able to remember an enormous number of combinations of usernames and passwords, whereas others can’t even remember their own phone number. If passwords give you a huge amount of grief then it might well be worth reducing the burden somewhat by getting your browser to remember some of the less important username/password combinations.

Hooded Computer UserQuite often, when I have (annoyingly) answered the original question with “it depends….”, the client will then ask “what do YOU do about saving passwords online?”. The answer is that I use some software called LastPass to remember most of my online passwords, but I also record all my usernames/passwords somewhere else as well. I don’t use LastPass to remember the most important financial combinations. If you asked me to rationalise why I do what I do, I can’t. What I can say is that I think I balance risk against convenience in a way that seems to suit me. And when I see my clients struggling to find specific passwords, I often think that they would probably be better off by committing at least some of them to their browser for safe-keeping.

© 2011-2018 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha