Pages:
Author

Topic: Do not save logins and sensitive info inside the browser (Read 222 times)

full member
Activity: 728
Merit: 217
For me I see those people that store their password in any online platform or website as a very big mistake because if they can be easy to be hack from unknown person, and I don't think that some persons is aware that you are password can be extracted from your browser if it is being stored in your browser or website if you are ignorant on that, you have to know that they have implications for storing your password that is important to you in your email, is not encouraging also, so I believe that we have to understand such scenario, what OP did now is a campaign so that we will be aware that storage of passwords to browser is risky.
newbie
Activity: 14
Merit: 0
Most snoops just go into credential manager if they have access to your machine and you have it running. It then spits out every password on that machine ..if you have it active that is.
legendary
Activity: 2212
Merit: 7064
The problem here is that the built-in password managers often have no password protection and this means that your sensitive data is not encrypted and is in plain text. (Safari does not have this issue.)
It is true that password managers that are built in browsers usually don't have password protection on it's own, but they are using password from login account on your computer.
So you can't easily access all details with password even if you are logged in to your account because you have to type OS login password to access this.
I wouldn't blindly trust this especially if you are using weak login password, and there are much better open source password managers like KeePass.
If you don't have any password for login to your OS than you are screwed, especially if you are using wind0ws spy OS.
legendary
Activity: 2254
Merit: 2406
Playgram - The Telegram Casino
A handy diary and pen is the best way to store passwords for important websites. I have seen many sites which worked well for privacy become a potential risk at a later time, so I'll stick to writing down very sensitive passwords down. Not so sensitive ones can be stored in recommended password managers. Never store credit card info electronically.

Your phones notebook is another source of unencrypted information. Do not store anything sensitive or personal there.
legendary
Activity: 2184
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
Saving sensitive info online and not encrypted will always be risky, if it is online, then it can definitely be stolen by a malware. I have never used this browser in-built password manager, but if any of them has a master password protecting the saved data, then it is the same thing as an online password manager, and carries the same risk. Thus it is important to note that, in selecting a password manager, choose one that doesn't store your passwords online or in the cloud, but allows you to be able to manage it in your offline device.
hero member
Activity: 1064
Merit: 501
I think this should be one of the first security measures everyone should put in place when using gadgets.

The high rate of how people have their saved logins on the browser is alarming, and it should be minimized because of how people always see the option of having password logins on their gadget browser as the safest and quickest way to enter and remember their stored passwords logins on the browser. They don't see any problem with that since they are not letting it out to anyone or giving out their phone to anyone to make more use of than them.

Although, we learn every day. I think this information we learn about saving browser logins on browser should be circulated to our friends and family so that they can be aware of the dangers and desist from having it done, by beginning to have their password not saved on the browser but instead a manager passwords you mentioned

Therefore you need to store all this data into a proper password manager like 1Password, Bitwarden, KeepassXC, or Proton Pass. These store your data in encrypted containers that are password protected by a master password. Make sure you choose a strong master password and you do not forget it. They are much better than storing your passwords in your browser's password manager.
hero member
Activity: 1162
Merit: 643
BTC, a coin of today and tomorrow.
Therefore you need to store all this data into a proper password manager like 1Password, Bitwarden, KeepassXC, or Proton Pass. These store your data in encrypted containers that are password protected by a master password. Make sure you choose a strong master password and you do not forget it. They are much better than storing your passwords in your browser's password manager.
I had wanted to use the password manager, but instead I opted for the browser password manager. Although I only save non sensitive passwords there. But this post has made me understand that such browsers lack some security deficiencies. It's high time, I began to do the correct things even if I don't use them for sensitive things.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
In addition, it will be useful to use such a function as clearing all cookies when closing the browser. Probably everyone has heard stories about the hacking of different accounts in one way or another, but users had no idea that it was possible to steal browser session data and thereby, without the user’s knowledge, find out all the information not only about passwords but also about all the sites they visited.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I used to do this until I got into crypto and started reading. When I researched on ways to keep my assets safe in one of the cybersecurity articles, this topic was one that came up. I immediately did the needful. And that included deleting the passwords and other personal information which I had saved to the cloud.
Example is Google and Android owned by Google. Some people will save their passwords online and also backup their 2FA online. All on Google cloud. What that remains to access their exchanges, gambling site account and other accounts that they even use 2FA with? Only what that is needed to access it is the device password. If not have the device, the persons email username and password are enough to access all the information that can be used to access and send coins on the platforms mentioned after the victims account has been compromised.
hero member
Activity: 2520
Merit: 783
Me again, with another important cybersecurity update. Today I am going to be talking about why you shouldn't store things like passwords, credit card info, and addresses inside your browser.

Most browsers have some sort of built-in password manager that stores not only passwords, but things like your addresses, saved cards and so on.

Well I'm here to tell you that this is a treasure trove of data that is often targeted by malware, in order to use the data for mischievous things like abusing them, or selling them off to someone who will.

The problem here is that the built-in password managers often have no password protection and this means that your sensitive data is not encrypted and is in plain text. (Safari does not have this issue.)

Therefore you need to store all this data into a proper password manager like 1Password, Bitwarden, KeepassXC, or Proton Pass. These store your data in encrypted containers that are password protected by a master password. Make sure you choose a strong master password and you do not forget it. They are much better than storing your passwords in your browser's password manager.

Exactly people should not rely on automatic inputs of their important details especially there user id and password to browsers since they are making their selves available for any potential risk that might happen to them.

People should not feel so lazy for typing up their password since it will only take few seconds to do it also they can assure that they are safe. I'm using incognito if I'm don't feel safe upon browsing something unusual to me.

The password manager suggestion is good to grab by people but if they don't really comfortable to use any tool then maybe they must use the traditional way for logging in their user id and password.
full member
Activity: 252
Merit: 131
Laziness sometimes is the main cause of this issue and it gets bad when we have to pay for our carelessness the hard way. The ease and comfort of remaining logged into most site we surf too often has made it very deficult to take these salient but all important safety precaution and and let's hope that it doesn't harm us too bad in the long run.

Because of the numbers of site we sign into almost on a regular bases, we are prone to using similar passwords and then leave it logged in so if we visit the site for the second time, we don't necessarily have to put our passwords and as human, we are by our nature good at shifting responsibility to a third party and that's one major thing hackers are relying on to get into the devices that aee vaulnaurable to these kind of lapses.
sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
sr. member
Activity: 630
Merit: 298
We sign up on a ton of sites every day both important and unimportant  and keeping too many passwords in the head can be a nightmare. Of course some people can be good at remembering but only when they have similar passwords and if you come to think of it using similar passwords is way too dangerous as if a hacker should get hold of the syntax all passwords of that user would be at risk.

Just has you have pointed out redundancy is a very big problem in password management, I hear people say you need to create a new password for a new account and things like that and I say it’s not a problem but the problem lies in backing up the passwords too many can lead to forgetting some which is why similar password seems more fair to me even if it has it’s own danger too. Take for a example the idea behind seed phrase as one entity to recover multiple private keys and addresses. With not so many of them it will be much easier to save guard and protect very well.

I used to do this until I got into crypto and started reading. When I researched on ways to keep my assets safe in one of the cybersecurity articles, this topic was one that came up. I immediately did the needful. And that included deleting the passwords and other personal information which I had saved to the cloud. Corporations are out to make money and users information is another big market. And they would not think twice before selling out your personal information to the bidder with the highest offers. And when they do, you would innocently get an email informing you of a data breach.

The problem with all this password managers or safes is that even if they don’t handover the passwords or sell them off, they too can be hacked and if there data base is breached the hackers can just get hold of the information and that’s why offline saving of passwords remains the best.

I hope those passwords you deleted from the clouds aren’t the ones you are still using, because the deletion wouldn’t matter much as they could still have them. Best is to change them
full member
Activity: 252
Merit: 175
cout << "Bitcoin";
I am really glad that you came up with this sensitive information. There are few browsers that I am using currently, which I don't trust. There is one particular browser which doesn't even have options to delete all saved passwords, but rather only option to delete all saved data, which doesn't even work, as it has a way of suggesting those passwords to you after sometime.

To show how much I really value security, I just finished installing the 1password, but the critical reviews that I have read so far, talks more about the APK freezing in some way. I should probably try it out to see for myself.
sr. member
Activity: 448
Merit: 560
Crypto Casino and Sportsbook
Also Chrome partially does not have this issue if you protect your phone with pin, password, pattern or fingerprint. If you go to chrome where you will see it, you can not know the password without using your device access code to access it. But one thing I disliked about the password manager is that it is online. The second thing I disliked about the Google password manager is that if you want to login on a website, the password and the username will autofill itself and if you click on show password icon on the website, you will see the password in plain text which makes what you posted to be partially true. I guess that it would also be on Safari like that. Or isn't it like that on Safari?
you can turn off the auto fill feature on the earliest version of chrome. Plus currently the passwords manager on chrome conceals all passwords even when you attempt the auto fill feature. The only time raw passwords are displayed is when you choose to by trying to view you passwords where chrome will ask for a mobile phone verification first probably a pin , password fingerprint or face id as the case may be.

The fact still remains those passwords are not 100% safe as  an hacker getting hold of the Google account puts all the passwords at risk. Even if Google currently has the option to encrypt passwords.
hero member
Activity: 1190
Merit: 901
Livecasino.io
I used to do this until I got into crypto and started reading. When I researched on ways to keep my assets safe in one of the cybersecurity articles, this topic was one that came up. I immediately did the needful. And that included deleting the passwords and other personal information which I had saved to the cloud. Corporations are out to make money and users information is another big market. And they would not think twice before selling out your personal information to the bidder with the highest offers. And when they do, you would innocently get an email informing you of a data breach.
newbie
Activity: 14
Merit: 22

Also Chrome partially does not have this issue if you protect your phone with pin, password, pattern or fingerprint. If you go to chrome where you will see it, you can not know the password without using your device access code to access it. But one thing I disliked about the password manager is that it is online.

If it is malware, I don't think the phone password will stop it from being stolen by the hackers. The phones password will only keep it safe from outsiders. But malware once in your mobile phone might be able to access any unsecured data. I don't know much about how it does it but that's what I think will happen. Chrome will always ask if it should store your data or use it to auto login. So it is the users fault if his data is stolen.

They are much better than storing your passwords in your browser's password manager.

How do I know if my phone has a malware inside? Is there a way of noticing it?
sr. member
Activity: 448
Merit: 560
Crypto Casino and Sportsbook
Nice one NotATether . I'll start by commending you for reminding the forum users about the security vof their passwords. The reason a lot of persons store their passwords online is mainly because it's the easiest way like a chrome user can just hit save passwords after logging in for the first time and the passwords get saved with their mobile phone pin or password as a protection.

We all know that not all our data is safe with Google but the question most people ask themselves is what could I possibly do?

We sign up on a ton of sites every day both important and unimportant  and keeping too many passwords in the head can be a nightmare. Of course some people can be good at remembering but only when they have similar passwords and if you come to think of it using similar passwords is way too dangerous as if a hacker should get hold of the syntax all passwords of that user would be at risk.

Personally I believe being as careful as possible and lucky at the same time is what keeps us safe from passwords breach, because there is no 100% secure way to store ones passwords.
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
The problem here is that the built-in password managers often have no password protection and this means that your sensitive data is not encrypted and is in plain text. (Safari does not have this issue.)
Also Chrome partially does not have this issue if you protect your phone with pin, password, pattern or fingerprint. If you go to chrome where you will see it, you can not know the password without using your device access code to access it. But one thing I disliked about the password manager is that it is online. The second thing I disliked about the Google password manager is that if you want to login on a website, the password and the username will autofill itself and if you click on show password icon on the website, you will see the password in plain text which makes what you posted to be partially true. I guess that it would also be on Safari like that. Or isn't it like that on Safari?
full member
Activity: 189
Merit: 120
Well I'm here to tell you that this is a treasure trove of data that is often targeted by malware, in order to use the data for mischievous things like abusing them, or selling them off to someone who will.
The malware attack aside, there is a possibility for close relatives and friends to even steal your important information from you just by making use of your browser.
 
I can remember sometimes that last year I made a registration to some freelancing site using my coursemate device, and I remember using the save password option on Chrome.
 
When I was finding it difficult to recall the pass just because I knew the guy's phone password, I was able to access the inbuilt Chrome password saver, and my details were not the only thing visible there. Someone with ill intentions can easily sneak on any information needed from their work, just the phone password. You can grab all the saved data in his browser.
Pages:
Jump to: