{"id":386889,"date":"2021-12-28T23:03:45","date_gmt":"2021-12-28T20:03:45","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/heres-why-storing-passwords-in-your-browser-is-a-bad-idea-review-geek\/"},"modified":"2021-12-28T23:03:45","modified_gmt":"2021-12-28T20:03:45","slug":"heres-why-storing-passwords-in-your-browser-is-a-bad-idea-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/heres-why-storing-passwords-in-your-browser-is-a-bad-idea-review-geek\/","title":{"rendered":"#Here\u2019s Why Storing Passwords In Your Browser Is a Bad Idea \u2013 Review Geek"},"content":{"rendered":"

“#Here\u2019s Why Storing Passwords In Your Browser Is a Bad Idea \u2013 Review Geek”<\/strong><\/p>\n

\n
\"Google
Google<\/span><\/figcaption><\/figure>\n

We often warn that browser-based password managers lack the security and features of dedicated password software. But still, they\u2019re better than nothing, right? A new report from AhnLab ASEC<\/a> proves the opposite\u2014storing passwords in your browser leaves you incredibly vulnerable to hackers, even if you use unique passwords for each of your accounts.<\/p>\n

While investigating a recent data breach, researchers at AhnLab ASEC found that hackers stole company login information from a remote worker\u2019s browser. The hackers used a common malware called RedLine<\/a>, which costs between $150 and $200, to retrieve this login information. Antivirus software did not detect the malware, which was probably distributed through a phishing email.<\/p>\n

\"An
A browser\u2019s login table, which stores credentials and login attempts. ASEC<\/a><\/span><\/figcaption><\/figure>\n

Browsers like Chrome and Edge have password management tools enabled by default, and they keep track of all login attempts with pertinent information like date and time, the website URL, and whatever username or password you used. RedLine can access and interpret this data, which hackers may use or sell to bad actors.<\/p>\n

To avoid this vulnerability, you need to completely disable your browser\u2019s built-in password management tools. Telling your browser not to remember login data for a certain site isn\u2019t enough\u2014your browser will still log the site\u2019s URL, which hackers can use to try and brute-force their way into your account without login credentials. (This data is more valuable if you\u2019re signing into a work account, which may require logins through a VPN or firewall.)<\/p>\n

We strongly suggest disabling your browser\u2019s built-in password manager and using dedicated software. There are a ton of great free and paid options out there, and you can easily export your Chrome<\/a>, Edge<\/a>, or Firefox<\/a> passwords to a dedicated password manager.<\/p>\n

Source: AhnLab ASEC<\/a>\u00a0 via Bleeping Computer<\/a><\/small>\n<\/div>\n