The Internet’s been somewhat aflame (figuratively, not literally) because it was widely reported that Google’s Chrome browser stores passwords with no security at all. So how do you keep your browser passwords safe?
As Elliot Kember pointed out (and as rapidly spread like wildfire around the Web), Chrome’s default behaviour is to make your passwords immediately available as long as you can access the browser itself. Which is to say, whenever anyone has physical access to your device at all.
Google’s call on this is that users should lock things at an account level, but I’m not entirely sold on that security model as the be-all and end-all. So what should you actually do to keep passwords safe in Chrome — or indeed, any browser at all?
It’s pretty simple: Don’t use browser password storage services.
Seriously, I can’t see why you would. If you want something to store your passwords, use a password manager. I use 1Password myself, but KeePass is fine too. If you absolutely must have it at a browser level, maybe LastPass.
Store everything under a single, very secure password that you can remember, rather than relying on the browser to store it for you. There are companion apps for just about every platform to make logins on multiple devices simple enough, and a dedicated password manager provides a layer of security that you just won’t get by storing your passwords with a browser’s built-in password manager.
That should really only be your very first step along the way to securing your accounts, though. Where two-factor authentication is offered, use it. Yes, it’s less “convenient” than simply using a browser to store your passwords, but how convenient would it be to have your online identity (and possibly your bank accounts and/or ID) compromised?
Image: Ron Bennetts