In past trainings, I have recommended that staff NOT allow their browser to save their passwords.
Generally, I still think that is the best choice. However, let’s look at this from a different perspective.
We all have dozens of usernames and passwords to hold onto. If you don’t record them somewhere, the temptation is to use the same password for all of your services. This is bad. It means that if just one of those services gets hacked, your email and password can wind up for sale on the dark Web, and criminals will try to use that combination on every major online service available to find the ones it works for.
(Have any of your user accounts or passwords been hacked? Find out at https://haveibeenpwned.com/ and https://haveibeenpwned.com/Passwords !
So, it’s better to have lots of strong unique passwords and keep them recorded somewhere. The best way to do this?
For my personal (not work) user accounts, I use a free LastPass account, which manages all of my passphrases, and even automatically generates new ones, for free. I have literally never even seen the passphrase for some of my services, and I won’t need to. I highly recommend LastPass for your personal accounts.
For work accounts, there are other choices:
- Keep passwords in a paper notebook. It’s low tech, but it works! https://www.vox.com/2014/4/16/5614258/the-best-defense-against-hackers-writer-your-passwords-down-on-paper
- Keep passwords in a Microsoft Word or Excel document, and encrypt that document with another password. https://support.office.com/en-us/article/protect-a-document-with-a-password-05084cc3-300d-4c1a-8416-38d3e37d6826 (Just make sure you don’t lose THAT password).
OR you can just let your browser remember all of your passwords.
Using your browser as a password manager has its pros and cons.
- It’s easy.
- It’s better than reusing the same password for lots of services.
- If your Microsoft (for Edge) or Google (for Chrome) password gets stolen, the hacker can easily nab all of your other passwords. (Phishing attacks have proven quite effective in stealing passwords! Trust me, I’m not kidding around!)
- If anyone with malicious intent managed to reach your computer while it was logged in, they could easily access all of your data without knowing your passwords.
Still, if it’s your preferred method of keeping your passwords long and strong, then I’ll support it.
Speaking of which, what happens when your browser has your password, but you don’t remember it? Follow these steps to see any password stored in your browser (works in Chrome and the new Edge).
- Click “…” in the upper right corner of your browser.
- Select “Settings”
- Select “Passwords”
- In Chrome this is the first setting under the “Autofill” section right on the first page of settings.
- In Edge, this is the third option under “Your profile” right at the top of settings.
- From here, you can search for services that the browser has a password for.
- To see a password, click the eyeball next to the “*********” representing that service’s password.
- You will need to enter your computer’s user account password in order to see the saved password.