Posted in:

Top 8 Reasons Why You Shouldn’t Use Browser-Based Password Managers

Let’s be real. Passwords do secure our accounts, but it’s a mess to keep them organized without being locked into a particular browser’s ecosystem. Nearly 32% of people currently choose to save their passwords in a browser and yet remain constantly worried. 90% of Internet users are worried about getting their passwords hacked. 

Forget about personal accounts. Maintaining (resetting/ storing/ revising) passwords on work accounts consume an average of 12.6 minutes per week for employees. That’s actual productivity time being lost on something that should ideally be painless and automatic. If you are someone who likes to switch between browsers, devices and ecosystems – it can be a tedious and redundant task to save your passwords multiple times across devices/ browsers. Managed IT Services Vancouver has detailed resources on leading password hygiene and store practices. 

The anxiety is shown in statistics. Recent studies show that 53% of people rely on their memory to manage passwords, and 51% of people use redundant passwords (same or, at least of a very similar pattern) for both work and personal accounts. Even worse, nearly a quarter of users continue to write down their passwords in spreadsheets despite all security advice to the contrary. There is a reason why 23 million account holders still use “123456” as their password. People are being forced to use insecure methods of password storage whenever they have to move from their main browser/ device. 

Here we present;

Top 8 Reasons Why You Shouldn’t Use Browser-Based Password Managers:

  • Security Concerns – Many cyber security experts think browser-based password managers may not be secure enough, especially compared to standalone managers. Studies show that they remain more susceptible to malware attacks via JavaScript. Password-stealing trojans are also highly effective in compromising stored credentials in browsers. Standalone password managers surpass browser password management as they designed with a security-first approach. This includes Advanced Encryption Standard (AES) 256-bit encryption, multi-factor authentication with hardware keys, zero-knowledge architecture and more. You can refer this article to know more about multi-factor authentication and how it can help keep your data safe.
  • All sensitive data in one place – Putting all your passwords and even financial details like payment cards etc. in a browser means a single breach can potentially affect all your data. That means you need to be alerted to and respond quickly enough to change credentials in the case of a breach or, hackers may have enough time to compromise one or more of your cards.
  • Can’t switch to another browser – Browser companies are clever and generally have it built into them to suggest and store secure passwords. It seems neat and nifty not to have to remember any of your passwords – until you try to use a secondary device from a different ecosystem or a browser.
  • Easy and Secure Sharing Options are not available – Sharing credentials is secure and easy with standalone password managers as they offer shared folders that are accessible by all registered members. In case you update a password, it’s automatically updated for all members in the group. This is a feature that’s missing in many browser password managers. This can cause problems for people, especially if you like or need to share accounts on OTT platforms with family or friends.
  • Concerns about device security– Hackers often try to exploit device vulnerabilities to try and get all your credentials in one go. If your device is infected with one or more malware, browser password managers can succumb to it. In this case, once you type in the master password, it can be tracked and all your data stored can be hacked.

    There is generally a high price to pay for companies/ brands that allow for vulnerabilities leading to credential disclosure. 33% of account-compromise victims are shown to stop doing business with companies and websites that had such security flaws. Managed IT Security Vancouver has detailed resources on securing your device against password hacking and other threats.

  • Able to store/save passwords only – Browser-based password managers can only store passwords and payment card details. In contrast, most leading third-party password managers allow you to save photos, videos, and documents along with passwords. This means you can even store all your notes, addresses, payment cards, and even your driving license. They even offer secure cloud storage hat can be extended as per your needs.
  • Lack of customization and powerful password storage – Just because a password has to be strong does not mean it has to be inconvenient to use. This is a feature that basic password managers on browsers lack. Even if you use the automatic password generator feature available on most browsers that helps you automatically create unique and strong passwords, you cannot customize them as per your preference. With a third party solution, however, you can easily customize generated passwords, such as, adjust the password’s length, customize symbols or digits as per your preference and more.
  • Limits You to Browser-Only Usage – The fear of losing access to your favorite sites and apps from password loss is enough to keep people locked into ineffective or underperforming browsers for years. Third-party password managers are an effective alternative in this case as they are platform and browser agnostic.  

So what’s one to do to get out of this mess? The easiest way out is to use a reputed third-party password manager. They offer better security through industry-standard encryption, easy accessibility, password customization, password sharing, and the ability to store much more of everyday use data than just passwords and payment cards. 

However, escaping the clutches of browser-based password managers can be difficult, just like changing any habit, but it’s not impossible. To start with, you can back up your saved passwords. This can prove to be the most difficult step as browser-based password managers typically do not make it easy to export saved credentials. Once you have successfully managed to back up your passwords, you can further choose to delete all saved passwords, turn off password saving, and syncing.  

About Sam Goh:

Sam Goh is the President at ActiveCo Technology Management, a Managed IT support Vancouver company. Sam comes from an operational perspective, his tenure at ActiveCo emphasizes working with customers to closely understand their business plans and to successfully incorporate the technology component to those plans. Under his leadership, ActiveCo has developed expertise which focuses on enriching the extensive customer relationships by integrating strategic and operational focus areas through consulting. When Sam and his wife Candee aren’t running ActiveCo, they enjoy road trips with their 2 children. Faith, family, friends and philanthropy lie at the heart of Sam’s personal beliefs.