You may be thinking that storing your login credentials on your computer beats the Post-it. Since experts frown upon password reuse, you’re doing the right thing, right? Here’s why you should stop:
Saved passwords invite unauthorized access.
Anyone who gains access to your computer will then have access to all your information, simply by accessing the browser information. Obtaining saved passwords is relatively easy.
Here’s how to view saved passwords in Chrome, for example:
- Open Chrome.
- Click the Menu button, and select Settings.
- Scroll to Autofill, and click Passwords.
- Locate the password you want to view, and click the “eye” icon
- On the Linux operating system, you will not be prompted for a user password. On macOS and Windows, you will be required to enter your system password.
You can also un-hash a password with the Inspect function of your browser.
- Right-click the password field on a website.
- Select Inspect Element.
- Double-click on type=”password”, and replace password with text.
- Hit Enter, and close the Element Inspector.
- The password will be un-hashed, revealed for all.
Have a password for user access? Great, but hackers have plenty of sophisticated methods for guessing that. And that one password is the key to everything.
Even if you don’t save passwords for bank accounts or credit cards, chances are pretty good you’re using the same one or similar that you’re using for another account, which means the more sensitive information can be easily compromised.
“But hackers aren’t going to get my device!”
With stored passwords, bad actors may not need to physically access your devices. Some viruses and malware make it possible to obtain your password list remotely. At this point, a hacker will be able to access your accounts wherever you’ve saved credentials.
If you must have a password, use a Password Vault like Keeper. But use multi-factor authentication (MFA) to access it. To keep it simple, you can use TraitWare and Keeper together!
You can use Keeper and TraitWare for any application that does not allow modern login. TraitWare also works with Okta, Citrix, IBM, Ping … or any of the legacy IAM solutions that allow us to sit in front of them – to help you modernize access to your applications.
Ask me how you can get TraitWare® and Keeper up and running quickly and easily
You can also Ditch the Password Altogether!
With TraitWare, you get Real Passwordless MFA™ that is inherent in the solution. This means you log in with True Zero Trust Access™ in 3 touches. You don’t have to remember a password or a PIN or have a code (which is really just another password) sent to your phone.
You’ll use the biometric that you’ve already registered with the TraitWare app to authenticate to a registered mobile device you already carry, scan a unique QR code and access any screen you choose. Here’s how it works for G-Suite, just for example.
Try it for Free
So, Please Stop Storing Passwords on your Browser!
Here’s how you can delete passwords on Google Chrome
- Open a Chrome Window.
- Click on the three dots on the top right corner. Select Settings.
- Select Passwords. Here you’ll see a number of saved passwords.
- To delete an individual password, click on the three dots next to it and select Remove.
- To delete all, go to Clear Browsing Data from Settings -> Advanced and select Passwords.
If you don’t want Chrome to remember passwords anymore, toggle off the switch that says “Offer to Save Passwords” under Passwords.
For more information about how we team up with Keeper to deliver simple secure login for the enterprise … or if you just want some of those Post-its pictured above, please get in touch! www.traitware.com/contact