We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Here’s Why Storing Passwords In Your Browser Is a Bad Idea

Google Chrome's password manager.

We often warn that browser-based password managers lack the security and features of dedicated password software. But still, they’re better than nothing, right? A new report from AhnLab ASEC proves the opposite—storing passwords in your browser leaves you incredibly vulnerable to hackers, even if you use unique passwords for each of your accounts.

While investigating a recent data breach, researchers at AhnLab ASEC found that hackers stole company login information from a remote worker’s browser. The hackers used a common malware called RedLine, which costs between $150 and $200, to retrieve this login information. Antivirus software did not detect the malware, which was probably distributed through a phishing email.

An example of login credentials stored in a browser's login table.
A browser’s login table, which stores credentials and login attempts. ASEC

Browsers like Chrome and Edge have password management tools enabled by default, and they keep track of all login attempts with pertinent information like date and time, the website URL, and whatever username or password you used. RedLine can access and interpret this data, which hackers may use or sell to bad actors.

To avoid this vulnerability, you need to completely disable your browser’s built-in password management tools. Telling your browser not to remember login data for a certain site isn’t enough—your browser will still log the site’s URL, which hackers can use to try and brute-force their way into your account without login credentials. (This data is more valuable if you’re signing into a work account, which may require logins through a VPN or firewall.)

We strongly suggest disabling your browser’s built-in password manager and using dedicated software. There are a ton of great free and paid options out there, and you can easily export your Chrome, Edge, or Firefox passwords to a dedicated password manager.

Source: AhnLab ASEC  via Bleeping Computer

Andrew Heinzman Andrew Heinzman
Andrew is the News Editor for Review Geek, where he covers breaking stories and manages the news team. He joined Life Savvy Media as a freelance writer in 2018 and has experience in a number of topics, including mobile hardware, audio, and IoT. Read Full Bio »