Just yesterday, I had a debate with an old friend of mine about online privacy. We discussed how to properly protect your accounts, how difficult the password should be, and, most importantly, how not to forget this password later. For me, for example, none of these questions even stood. Having learned from bitter experience, I have long ceased to invent protective combinations myself, and even more so to write them down on a piece of paper and store them in my wallet or next to the computer. But for my opponent, as it turned out, everything was not so obvious. I will analyze the main points that we discussed here.
The first issue we raised was about password storage. My friend belongs to those retrogrades who sincerely believe that defensive combinations can only be stored in the head. In his opinion, firstly, there are no guarantees that the browser and password managers store passwords safely, and, secondly, in the event of a collision with special services, it will be possible not to give out all the passwords at once, as if they were stored in the browser or password manager. After all, there all you need is to put your finger on the fingerprint scanner, and all the ins and outs will be available at a glance.
Is it Safe to Store Passwords in the Browser?
In principle, the argument is logical. We really don’t know if Apple or Google have any encryption keys to decrypt passwords that we have stored in their browsers. Although I do not adhere to conspiracy theories, I admit that they do have something like that. After all, there are TSA certified locks (if you don’t know, be sure to Google what it is). However, we equally cannot be sure that on the sites where we enter passwords, they are not read by some decryption script or keylogger program. But storing passwords in a browser has many benefits:
- The browser allows you to generate a stronger password than you can think of yourself, with symbols, punctuation marks, and numbers;
- The browser comes up with unique passwords, each of which is different from the previous one, and, unlike yours, has no common features;
- The browser allows you to store a huge number of passwords in memory, which is clearly more than you can remember on your own;
- Passwords that are stored in the browser can be inserted into authorization windows automatically, confirming the action with biometrics;
- Browsers can check passwords for cracking, notifying you to change the combination for security purposes;
- Browsers allow you to sync passwords between different devices, so you are guaranteed not to lose them.
Why You Can’t Use the Same Password Twice
Personally, I store all passwords in the Google Chrome browser. Recently, it has acquired extensive functionality that allows you to do this with convenience. He generates passwords himself, stores them himself, and checks them for hacking. In principle, only the first opportunity from this list would be enough for me. After all, before, when I did not yet know what a password manager is, I used the same security combination for all accounts at once. And I had and still have several dozen accounts. It is clear that sometimes this led to incidents.
For example, one day someone “stole” my password from the mail, hacked my Apple ID, and blocked my iPad. Fortunately, the intruder was very narrow-minded, so I quickly regained access to my tablet. However, the fact remains that the same password on several accounts can become the most serious vulnerability that no Android operating system bug can match. Therefore, all I can advise you is to drop all your prejudices about the reliability of your accounts and stop inventing passwords for them yourself, entrusting this responsibility to browsers.