While it may be convenient, do not save your passwords!

    Saving Your Passwords Can Have Disastrous Results.

    Using your web browser as a quick way to sidestep remembering your passwords might seem to be extremely convenient, but this approach poses significant security risks. This feature is offered on various browsers including Mozilla Firefox, Google Chrome and Internet Explorer. Each one has their own individual weak spots that could cause problems down the road.

    Exactly how much risk you taking with your critical and confidential data depends on numerous factors. The risks might depend on your specific browser, whether the data is being synced with other mobile or fixed devices, and whether the password storage feature is being used in combination with other security solutions.

    Typical Security Risks

    The very nature of allowing your web browser to remember passwords that link to confidential information creates. In particular, someone else may be able to exploit this same feature. For instance, any person that uses your computer will have instant access and login info to some of your accounts and can view all confidential information – and even pose as you. And of course they can gain access to your company’s confidential data as well.

    If you can see all of your accounts through an instant login, so too could any thief that gains prompt access to your tablet, smart phone, laptop or desktop computer. And if you ever sell or give away any of these devices, the next individual can quickly recover your passwords and gets into your accounts – such as any email and web services you connect to.

    Many types of viruses and malware are designed specifically to steal credit card and banking information, along with all of the saved passwords. If you have been paying attention, your banking institution probably does not allow your browser to save the password automatically as a way to safeguard sensitive information. However not all institutions have this level of security. When logging onto less secured sites, it is very easy for someone to gain access to the password when stored on the browser.

    Turning off the Feature

    As a rudimentary password management option, Internet Explorer, Firefox, Chrome and Safari offer the save feature as a default. To quickly disable the feature, follow these steps that are provided by the browser vendors:

    • For Internet Explorer (32-bit) –To disable the automatic password management feature,
      • Choose Tools, then select Internet Option.
      • Next, choose the Content Tab.
      • Next, click on Settings to disable “Usernames and passwords on forms.”
    • For Mozilla Firefox (32-bit) –To disable the automatic password management feature,
      • Choose Tools, then select Options.
      • Next, choose Security tab to disable “Remember passwords for sites.”
    • For Google Chrome –To disable the automatic password management feature,
      • Choose the Wrench tool and select Options.
      • Next, choose Personal Stuff, then select “Never save passwords.”
    • For Safari –To disable the automatic password management feature.
      • Choose Gear tool, then select Preferences.
      • Next, choose Auto Fill, then disable “Usernames and passwords.”

    Protecting All Devices

    Because it is so easy for tablets and smart phones to fall into the wrong hands, it is critical to protect all of your mobile devices as well as your laptop. To do so you will need to enable password protection, or disable any automatic feature that allows your mobile device’s Internet browser to automatically keep track of private passwords.

    An effective way of adding an additional layer of security is to include a key lock/PIN code. Many newer smart phone devices automatically have a “pattern lock” – allowing the user to develop their own personalized pattern or shape that is drawn on a screen. This avoids the need to create an alphanumeric + symbols password.

    Safeguard Your Sensitive Mobile Data

    Back in the old days password locks and PIN entries were the only things needed to protect cell phones – there simply wasn’t a lot of data on these devices and certainly not access to business critical web services. Today your smart phone and tablet are actually mini computers holding reams of critical and confidential data.

    Fortunately many smart phone platforms offer specific software designed to encrypt folders and files. You should use these.

    These folders might contain login details, account numbers and passwords saved for numerous accounts including online merchants and banks. An additional way of saving sensitive information is to transfer and store it remotely by logging into secured online servers.

    Your Mobile Wireless Connection

    It is imperative to have a high level secured password that protects your mobile wireless connection to avoid any cyber-attacks by individuals that can gain access to your phone and other devices through your Wi-Fi link.

    You also need to change your passwords routinely. It is no longer acceptable to use simple, easy-to-guess passwords and passphrases – and keep them in place for years. By changing your passwords as part of a scheduled routine, you eliminate many of the problems of being hacked or cyber-attacked by individuals that crack your passwords and gain access to your critical confidential data.

    The Solution: Don’t Save Passwords and Use More Than One

    While we’ve explained why saving passwords so dangerous, it is also a bad idea to use just one password – especially for email.

    Many security experts believe that email is the one app most often compromised.

    Email passwords are sought after because they can really be the keys to the kingdom. With just your email password, a hacker can likely get into your other accounts since most end users reuse passwords. 

    And, today, email links directly to social media, so a hacker can pretend to be you or gain enough personal information about you for identity theft.

    The other issue is that your email is often used by services to reset a lost password. A hacker can access other accounts even without knowing your other account’s password by having the password-reset link sent to your email ― which they can already access.

    The best safeguard is two-factor authentication (2FA) where you use a password, but then provide one more credential before gaining access.

    With 2FA, you first enter your username and password, but before you get to access your account you need to answer a personal question, click an image you have chosen from many, or use other authentication means such as biometrics or a token.

    One of the great things about 2FA is how user-friendly it is. How hard is it to remember your mother’s maiden name?

    When implemented correctly and using a quality solution, 2FA/MFA will not only keep a digital infrastructure safe, it will do so without inconveniencing employees.

    Companies may want to use 2FA in conjunction with Single Sign-On (SSO) to make it easier for employees to sign into your company’s system. SSO allows a user to have direct access to all of the platforms they use, but they only need one password to access them. It’s like having a single, very secure key to access 100 different doors with 100 individual locks.

    SSO is definitely something you’ll want to look for when considering your options for a 2FA vendor. However, remember that just offering SSO isn’t good enough - you need to do a deep dive to understand any 2FA vendor you are evaluating.

    Check out our 2FA Buyers Guide for more information.

    Ready to Get Started?

    Let's Talk