Is It Safe to Have Your Browser Remember Your Passwords?
Not all of us have the best memories. This makes the ability for many browsers to remember our passwords seem like a godsend. However, is this capability really a good thing for your Arizona small business? You may have set up great anti-virus software and created an integrated approach to security with good technology and process, but still not considered the effect of internet browsers password functions on your organization.
After all, it's quite a task to set up a new employee and keep existing employees happy with the IT services that you provide. Many people are not aware of the risk that browser-based password management poses to Phoenix small business online security. You may think your Phoenix IT security protocols for how programs dictate password strength is enough, but it may not be. Of course, password rules for internal systems can be configured to have a certain number of characters, numbers, letters and special characters, but the complexity of the password is irrelevant if a hacker gains access to it. If your Phoenix IT solutions plan does not include a specific password management solution for your employees, I can almost guarantee you that they are saving passwords in their browsers. You will see in this article how dangerous this could be to your organization's cybersecurity.
Popular Browsers Put Phoenix Small Business Online Security at Risk
While the fact that we no longer have to remember each different password for our online accounts may seem ideal, relying on the browser to remember them for us presents a few issues. Each of these browsers leaves some kind of opening for a hacker to review a user’s list of passwords. Password management on these popular browsers presents vulnerabilities as you see below.
Google Chrome - When a user is logged in through in their Google account, Chrome will automatically save any passwords that the user inputs. If a hacker was then able to gain access to that Google account, the entire list of passwords would be available to them. Chrome is a very popular browser, and many businesses have not thought about how to separate their employees' business and personal use of this tool. Besides saving password history, a plethora of other things are associated with Chrome. You may want to either assign or have employees create Gmail addresses that are used strictly for work, (with you, the employer, having the password privileges.) If employees are logging in under their personal Gmail accounts, and saving passwords in the browser, then not only do you have the risk of a hacker gaining access to everything from that email address, but if the employee leaves, they effectively carry all the work passwords with them out the door on this "personal" Gmail/Chrome login. You can see how this could put your Phoenix small business online security at risk!
Mozilla Firefox - Utilizing low-level encryption, Firefox hides a user’s passwords, utilizing a single master password as the encryption key. However, because this encryption has such a low level, a brute force attack can break it. Plus, if someone is in possession of the device itself, they can access the passwords without having to log in.
Safari - Just as is the case with Firefox, Safari stores all passwords in the browser’s settings, where they can be accessed without a login required.
Internet Explorer - When Internet Explorer saves passwords, all it takes to expose them is a readily available tool.
Microsoft Edge - Edge has had some security issues, such as a flaw that enabled hackers to read files that were browser-compatible (like the notepad files that some might keep a list of passwords in). In addition, some third-party password managers, like Edge Password Manager, have failed to require password authentication in the past.
Of course, there are other threats to your password security as well. For instance, a bug that dates back 11 years was discovered early this year that allowed website credentials to be stolen. A secondary form was hidden behind the login form, stealing usernames (which were often just the user’s email) and passwords without the user having any idea. Phoenix IT security can be compromised by any hacker who exploits weaknesses in popular browsers to gain access to critical passwords. The good news is that you can reduce your risks with alternative password management solutions to those offered by popular browsers.
Keep Your Business Safe with 30 Days of FREE Outsourced Phoenix IT Solutions
We genuinely care about helping your business succeed, and we put our money where our mouth is to prove it. MyTek is so certain that we can help make your business more effective with comprehensive Phoenix small business online security and helpdesk services, that we offer the opportunity to try our services for 30 days at NO COST. This includes consultation, on-boarding, and servicing for 30 days at no cost. Unlike other IT companies, our business is built on our clients’ satisfaction, so we don’t require contracts going forward. We partner with you to make your business better. Our Phoenix IT solutions will make sure you are protected 24/7. Interested? E-mail or call us at / 623-312-2444 to take advantage of our complimentary IT assessment and a 30-day trial of Phoenix IT security and support that will amaze you!
What should you do Now?
Your first step should be to ask employees to disable their preferred browser’s built-in password manager. Here's how:
Google Chrome - Under the toolbar, select Chrome Menu, and from there, Settings. Scroll down until you can select Advanced, and from there, select Manage passwords (found under Passwords and forms). Finally, switch Auto Sign-in to off.
Mozilla Firefox - In the toolbar’s Firefox Menu, access Options. On the left, access Privacy & Security, and find Forms & Passwords. Find the Remember logins and passwords for websites option and deselect it.
Safari - Select Safari Menu from the toolbar, and then select Preferences and Autofill. Then you’ll need to deselect Using info from my Address Book card, Usernames and passwords, and Other Forms.
Internet Explorer - First, you need to reconsider utilizing Internet Explorer, assuming your organization gives you a choice in the matter. If you must, you will want to access the toolbar’s Internet Explorer Menu and select Internet Options. From there, click into Content, and select Settings (found under AutoComplete). Deselect both Forms and Searches and Usernames and passwords on forms. Finally, save your changes by clicking OK.
Microsoft Edge - Again, from the toolbar, select Edge Menu and from there, Settings. Scroll down to find View advanced settings. Under Privacy and services, deactivate Offer to save passwords, and under Manage passwords, deactivate Save from entries.
You may be wondering - Are there Phoenix IT solutions for users accustomed to browser-based password managers? We know employees may feel slowed down or lost without this function, but relying on browsers to remember passwords just isn’t a safe option for your company. There are, however, services like LastPass that can store passwords much more safely behind much more powerful encryption as well as provide your company with appropriate access and controls. Talk with us about setting up an enterprise-level password management solution that helps employees and keeps your business safe. This is a much better choice than entrusting Phoenix IT security to your employee's browsers!
Try Phoenix IT Security Management by MyTek free for 30 days and Get Protected
Get Phoenix IT solutions from MyTek Network Solutions. We will set up your company for success and protect your Phoenix small business from cybersecurity threats. E-mail or call us at / 623-312-2444 to take advantage of our complimentary IT assessment and a 30-day trial of Phoenix IT solutions that will transform how your organization views IT. Make it the thriving asset it was meant to be!