Optimising Browser PW Management


Saving your passwords to your browser has some advantages. In the case of Chrome, your accounts are synced to Android devices. Additionally, any device with Chrome where you are logged in to the browser will provide some protection from phishing. When the browser doesn’t recognise the website, it won’t provide credentials, which invites the user to double-check what’s going on. Further, it gives the user seamless integration across devices.


The first drawback comes from the advantages. By syncing passwords across devices, you risk contaminating personal and enterprise accounts. Secondly, should someone have access to your Google account, you can consider all of your passwords, no matter how complex, to be compromised. Google does provide some security by requesting authentication when accessing the cleartext passwords, but this authentication is provided by the local device; therefore any third party with access to your Google account can access your passwords without needing your MFA. Finally, it is extremely easy to export the passwords to a cleartext file, usually CSV, and you have probably been using the browser’s password manager since before secure passwords were commonly suggested. As such, you may well find reused passwords within your accounts list.

Optimising the tool for your security

First, secure your Google account. MFA the hell out of it. Using a browser-based password manager is better than no password manager, so securing access to your accounts is an important first step. Once you are confident your Google account has been secured, check for reused passwords and secure those accounts. Where applicable, remove the accounts which you no longer use. Google will offer passwords with a relatively high level of entropy for those accounts you are changing the details for.
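One way to run the reuse check yourself against the CSV export mentioned above. This is an added example, not part of the original post; it assumes the export has `url`, `username` and `password` columns, and the sample rows are constructed.

```python
import csv
import hashlib
import io
import sys
from collections import defaultdict

# Constructed sample rows; the column layout of the export is an assumption.
SAMPLE_EXPORT = """name,url,username,password,note
example.com,https://example.com/login,alice,Summer2015!,
shop.example,https://shop.example/account,alice@example.com,Summer2015!,
forum.example,https://forum.example/,alice_a,Summer2015!,
bank.example,https://bank.example/,alice,k9#Vq2!xLp0zTr8w,
mail.example,https://mail.example/,alice,hunter2,
old.example,https://old.example/,al,hunter2,
"""


def find_reused(export_file):
    """Return groups of (url, username) sharing a password, largest first."""
    groups = defaultdict(list)
    for row in csv.DictReader(export_file):
        password = row.get("password") or ""
        if not password:
            continue  # entries without a stored password cannot be compared
        # Group on a digest so the cleartext is never stored or printed.
        key = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[key].append((row.get("url") or "", row.get("username") or ""))
    reused = [accounts for accounts in groups.values() if len(accounts) > 1]
    return sorted(reused, key=len, reverse=True)


def report(export_file):
    """Build a report that lists accounts only, never the passwords."""
    lines = []
    for n, accounts in enumerate(find_reused(export_file), 1):
        lines.append(f"Group {n}: {len(accounts)} accounts share one password")
        lines.extend(f"  {url} ({user})" for url, user in accounts)
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to your own export
        with open(sys.argv[1], newline="", encoding="utf-8") as f:
            print(report(f))
    else:  # fall back to the constructed sample
        print(report(io.StringIO(SAMPLE_EXPORT)))
```

Delete the exported CSV once you have the report, since it holds every password in cleartext.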

Finally, make sure you are using Google’s Password Checkup semi-regularly to be alerted about data breaches. Signing up for HaveIBeenPwned alerts will also help inform you of compromised accounts where passwords need to be rotated. Sadly, this tool will not remind you to rotate your passwords regularly.