Reply To: Is It Safe to Store My Passwords in a Windows Browser ? Interesting thought I had regarding Passwords and Windows Edge, Google Chrome and other browsers and how safe are your passwords stored / secured in these browsers ? Lots of different…

[UK Sentinel]

Introduction:

How Do Browsers Like Chrome, IE, and Safari Store Passwords?

All modern web browsers come with a built-in password manager that offers to store your login credentials, with varying degrees of security encryption. For instance, user passwords on Chrome are protected by AES encryption, and the encryption key is secured by a separate API, which is the Windows Data Protection API.

The problem occurs when someone else obtains access to your system (either physically or remotely), thereby gaining access to your entire library of passwords across different websites. Your exposure footprint is massive due to the fact that all your credentials are stored in one place without enough protection.

Your device passwords are frequently the only protection mechanism separating an unauthorized user from getting your browser stored password.

Data types stored in the browser:

• Credentials are username and password pairs for disparate sites (e.g., bank accounts, email services) that are stored for subsequent reuse.
• Cookies are text strings that websites save to the local disk. Serving a memory function, they recognize online behavior and remember actions. Cookies track visits to any given website, such as what’s in your cart at an eCommerce site, or the retention of browser login information.
• Session cookies track online activities. With them, users can be kept logged in to websites, or even to shop online – then close a session at any time with selected products remaining in their cart.
• Persistent cookies implement user preferences (e.g., language, internal bookmarks), such that they’re recalled the next time a user visits a site. These cookies remain intact even after the browser has been closed. For example, they can remember login details and passwords such that users don’t need to re-enter them every time they visit a corresponding site. They make for a more convenient and faster online experience.
• Third-party/tracking cookies collect various types of data, such as interests, location, age, and search trends. These data are then passed on or sold to marketers, thereby providing users with advertisements specific to their interests.
• Certain credit card information is saved to help a user conclude a purchase with no need to physically access a card.
• Autofill information stores alphanumeric characters a user enters in online forms to assist with filling similar fields in the future. Sometimes personal data such as a passport number is stored.
• A browser cache speeds up display time and saves bandwidth. It holds temporary files (e.g., web pages, images) that are downloaded behind the scenes while web pages are being fully rendered. And should the user revisit a given site, it’s faster to pull those saved items from the cache rather than download them again.
• Browsing history.
• Websites visited – The browser stores a list of web addresses a user has visited along with titles and visitation time. It sometimes offers to restore the last tabs that were inadvertently closed, thereby shortening the time it takes to reopen them. This is also helpful if the user wants to later revisit a closed website, since they can usually find the link in their browser history.
• Download history – The browser records all files that have been downloaded.
• Searches history – Every search term a user has used is saved so they can easily reuse it.

Source: https://talon-sec.com/blog/how-stored-browser-data-presents-risk-and-how-to-secure-it-pt-1/

 

In a completely sane world, madness is the only freedom (J.G.Ballard).

You need to login in order to vote