Saving Passwords in Modern Internet Browsers
Browsers have an inbuilt feature of being able to save passwords. When you log in to a site, your browser will ask you whether you want to save the password for your current log in and if you say yes, it will be saved in your browser. The next time you try to login, the password will automatically be entered by your browser. This feature can be turned on and off as desired.
Password saving feature of browsers is one of those that come quite in handy. You will not have to remember passwords for your multiple email accounts, forum accounts, blog accounts and other site accounts. But along with password saving comes the question of security.
What happens when the passwords are stored by a browser?
Where is the password stored?
Can undesired people get access to those saved passwords?
These are some of those important questions that people wonder while saving passwords. These issues might even discourage people from saving any passwords.
Let us take a look at how different modern and popular browsers handle user saved passwords:
Go to the Chrome Menu, click on “Settings”. Then in the settings window click on “Show Advanced Settings”. Under the heading “Passwords and Forms”. You can click “Manage saved passwords”. All your saved user log in accounts and passwords are shown. Your passwords are revealed when you click a button after this.
From the Menu Bar go to “Tools>Options”, click on “Security” and then click on the button that says “Saved Passwords”. At first you will see all the sites and the log in id or email for the sites that you have saved passwords for. You can click on “Show Password” button and all your passwords will be revealed.
However, in Firefox you have an option to set a Master Password (Tools > Options > Security > Use a Master Password). When you set this so called master password, a user has to enter it to reveal or copy passwords from the saved password list. To use the saved passwords on sites, the master password is required as well.
In Opera Browser, the password saving option seems quite similar to Chrome. Passwords can be easily viewed from “Opera > Settings > Privacy & Security > Passwords > Manage Saved Passwords Button”. Clicking on “Show” button reveals the saved password.
I could not find any option to view the saved passwords directly in Internet Explorer. The browser does offer users to save passwords.
In Windows version of Safari Browser, from the Menu Bar go to “Edit > Preferences”. In the “Autofill” tab you will be able to see an item called “User names and password”. If that field is checked, you can click the “Edit” button right next to it and see the saved usernames and the sites for which they are saved. You cannot reveal the password like in other browsers.
- In Chrome and Opera, users can easily view saved passwords.
- In Firefox users can view saved passwords but there is an option to set a “Master Password” to stop quick access to saved passwords.
- In Internet Explorer and Safari, users do not seem to have the option to reveal the saved passwords.
It can be seen that browsers reveal the password easily. One has additional password to protect saved passwords. While the rest of the browsers don’t display them directly. But it does not mean that your password is secure. They are stored in plain text files. No encryption or hashing is applied to those files or individual passwords for the matter. That means people can access those files and easily view your passwords.
The password hiding feature or password security feature present in modern browsers are not secure enough. That is why it is not recommended to save passwords at all. If you have to, you can save passwords for your forum accounts maybe; which has very less impact when your password is discovered by others. Only accounts and passwords with less value should be stored in a browser. Passwords for your important email accounts (the ones that you use for online banking for example), your Paypal or online payment accounts should never be saved. They should be memorized.
The Firefox feature of using a Master Password only comes in handy if you are trying to hide your password from friends and family with little computer knowledge. The feature prevents them from viewing your password or logging into sites using your credentials when you are not around your computer or when you are not looking.
One should also remember that browsers offer syncing features. If people get access to your browser there is a high chance that they will get access to syncing codes or syncing account (if the password for it is saved as well). In such cases, some one can easily sync your password to another computer. There is a high risk.
It would have been really great, if modern browsers offered some encrypted form of password saving instead of saving them in plain text files. That would have helped internet users a lot.