No one likes the Password.
Clunky, frustrating, and by now, we all know they’re not particularly secure, as almost daily we hear news of cyberattacks with compromised user credentials as the root cause.
But until they go away, there is a proper way to manage them. Here, are a few quick DOs and DON’Ts around storage.
- DON’T store them on post-Its (or any other paper bit). It’s Cybersecurity 101. Not only is it NOT secure because of potential misuse, but it’s also wildly common to lose them that way.
- DON’T store them on your browser! You may be thinking that storing your login credentials on your computer beats the post-It. Since experts frown upon password reuse, you think you’re doing the right thing by storing them in your browser. … Right? Particularly if you’re mixing up company passwords with personal ones or, worse yet, re-using the same or similar passwords across multiple accounts, giving your browser permission to keep them all is hugely risky.
Anyone who gains access to your computer will then have access to all your information, simply by accessing the browser information. Obtaining saved passwords is relatively easy.
Here’s how to view saved passwords in Chrome, for example:
- Open Chrome.
- Click the Menu button and select Settings.
- Scroll to Autofill, and click Passwords.
- Locate the password you want to view, and click the “eye” icon
- On the Linux operating system, you will not be prompted for a user password. On macOS and Windows, you will be required to enter your system password.
You can also un-hash a password with the Inspect function of your browser.
- Right-click the password field on a website.
- Select Inspect Element.
- Double-click on type=”password”, and replace password with text.
- Hit Enter, and close the Element Inspector.
- The password will be un-hashed and revealed for all.
Have a password for user access? Great, but hackers have plenty of sophisticated methods for guessing that. And that one password is the key to everything.
Even if you don’t save passwords for bank accounts or credit cards, chances are pretty good you’re using the same one or similar that you’re using for another account, which means the more sensitive information can be easily compromised.
“But hackers aren’t going to get my device!”
With stored passwords, bad actors may not need to physically access your devices. Some viruses and malware make it possible to obtain your password list remotely. At this point, a hacker will be able to access your accounts wherever you’ve saved credentials.
Bottom Line: Please Stop Storing Passwords on your Browser!
Here’s how you can delete passwords on Google Chrome
- Open a Chrome Window.
- Click on the three dots in the top right corner. Select Settings.
- Select Passwords. Here you’ll see a number of saved passwords.
- To delete an individual password, click on the three dots next to it and select Remove.
- To delete all, go to Clear Browsing Data from Settings -> Advanced and select Passwords.
If you don’t want Chrome to remember passwords anymore, toggle off the switch that says “Offer to Save Passwords” under Passwords.
And finally, the DO:
- DO Use a Password Manager
If you must have passwords, use a Password Vault like Keeper. (ZDNet rates Keeper #1 for Password Managers for the Enterprise.) But use passwordless multi-factor authentication (MFA) to access it. To keep it simple, and vastly more secure, use a TraitWare-protected Keeper Vault!
Find out more about TraitWare+Keeper here, and ask us and we’ll walk you through the setup in minutes.
TraitWare also works with Okta, Citrix, IBM, Ping … or any of the legacy IAM solutions that allow us to sit in front of them – to help you modernize access to your applications.
You can also Ditch the Password Altogether!
With TraitWare, you get Real Passwordless MFA™ that is inherent in the solution. This means you log in with True Zero Trust Access™ in 3 touches. You don’t have to remember a password or a PIN or have a code, or any other shareable/phishable secret sent to your phone.
You’ll use the biometric that you’ve already registered with the TraitWare app to authenticate to a registered mobile device you already carry, scan a one-time QR code, and access any screen you choose. Here’s how it works for G-Suite, just for example.
Intrigued? Take it for a FREE SPIN and see it for yourself.
Just want some of those Post-Its pictured above? Please get in touch! www.traitware.com/contact