How secure are Google passwords

Chrome, Firefox, Safari and Co .: Why you shouldn't save passwords

Many browsers offer to save entered passwords. It's convenient. But is it also safe? Here you can find out what needs to be considered when using the function.

Work, shop, look up, network with friends: Anyone who does a lot of tasks on the Internet should secure their accounts with different, hard-to-crack passwords. Many browsers offer convenient assistance in this regard: the log-in data can be saved with one click so that you do not have to re-enter them the next time you visit. But is it really a good idea to entrust your access data to the browser?

What happens when you save passwords in the browser?

Christian Lueg from the IT security company Eset has a clear opinion: "We would generally advise against saving passwords directly in the browser," he says. It does not matter whether the browser stores the data encrypted in the cloud or locally on the user's hard drive.

"The problem is that the passwords are partially decrypted on the device," says Lueg. "This means that anyone with access to the device can easily read the data." Other users using the same computer could, for example, use the browser's export function to display all of the saved log-in data in plain text.

Apple's Safari browser is an exception. Here, all passwords are stored in a central, system-wide password safe, the key ring. Without a password, this data cannot actually be read out. By default, the device password (Mac) or the unlock PIN (iPhone / iPad) must always be entered when automatically filling in access data. Alternatively, you can also use your fingerprint (newer Macs / older iPhones) or Face ID (newer iPhones / iPads).

BSI warns of data leaks

Windows does not have such a central password safe. If a PC is used by several people, the Federal Office for Information Security (BSI) recommends setting up several user accounts in the browser that restrict access to personal data.

Nevertheless, risks remain, warns the BSI: "Password managers integrated in the browser make it easier to deal with passwords, but have the disadvantage that the stored access data can be extracted relatively easily by malware and thus misused by an attacker," shares a spokesman Demand with.

What users should do now

Anyone who has already saved their passwords in the browser can delete them manually. Both under Google Chrome and Firefox, the password settings can be found in the "Data protection and security" menu. The BSI recommends deactivating the "Save passwords" function for the future or at least taking additional security precautions.

In Mozilla Firefox, for example, there is the option of protecting stored log-in data with a master password using the integrated "Lockwise" password manager. Only those who know this can access the passwords.

Note: The t-online.de browser is also based on Mozilla Firefox technology. You can download it for free here.

According to IT security expert Lueg, two-factor authentication (2FA) can also prevent unauthorized persons from logging into the user account using "stolen" passwords. More information can be found here.

The safer alternative: password manager

All experts recommend the use of so-called password managers as a secure alternative to browser-based solutions. This means that users can save themselves the constant typing of their email address and password. The passwords are usually stored more securely than in the browser. Depending on the software and provider, the data is either stored encrypted in the cloud or locally on the user's computer.

A master password or a physical key protects the password memory from unauthorized access. In order to log in to websites, a certain key combination is often sufficient, with which the log-in data is transferred from the software to the browser window.

A safe in the cloud

A password safe in the cloud has the additional advantage that the user can access it from all devices and platforms - he is not dependent on a specific browser. However, the services are often chargeable. Here you can find out which free service Stiftung Warentest recommends.

The security expert Lueg also swears by a password safe in the cloud. Initially, the operation took some getting used to. But after a short time, the services are almost as easy to use as the browser functions - and at the same time much more secure.

more on the subject

  • Subjects:
  • Digital,
  • Computer,
  • Software,
  • Digital tips,
  • Browser,
  • Passwords,
  • Password,
  • Chrome,
  • Firefox,
  • Mozilla,
  • BSI,
  • Windows,
  • Stiftung Warentest