Web Browser Password Saving Is Still a Risky Proposition

As you navigate through Chrome, or Safari, or Firefox, or whatever your browser of choice is, you’re often given an enticing option: Would you like us to save your password? A recent browser breach is a reminder that if you answer yes, you’re taking a risk.

Late last week, the browser Opera confirmed a successful attack on its systems. The hackers were likely able to access personal information, company developer Tarquin Wilton-Jones wrote in a post announcing the breach, “including some of our sync users’ passwords and account information.”

Opera sync is that browser’s version of the feature that helps you coordinate passwords across devices. Save your Facebook password in Chrome or Safari or Opera on your desktop, and it’ll be there waiting for you on the mobile versions of those devices, as long as you’re logged in. While Opera says it encrypts all passwords it stores, it still reset all Opera sync account passwords, and asked people to reset passwords for third-party sites as well, “as a precaution.”

Of Opera’s 350 million users, only 1.7 million used sync in the last month, meaning the fallout is likely limited. The incident is a reminder, though, that while browser-based password syncing can be a terrific time-saver, it’s not a replacement for more serious security hygiene. […]

 

If you were buying a safe, you’d want to know at least something about how secure its mechanisms are. For password managers, you mostly have to go on reputation. “It’s hard to say if any other company is doing a better job at protecting stored passwords because all we have to go by are their claims,” says Mark Burnett, author of Perfect Passwords. “It’s impossible as outsiders for us to truly know who is more secure or who will get hacked next.”

Read more at Wired.

Photo by christiaan_008

You May Also Like