Browser-based password managers lack the security and features of dedicated password software. They’re still better than nothing, right? According to a new analysis from AhnLab ASEC, keeping passwords in your browser leaves you extremely exposed to hackers, even if you use unique passwords for each of your accounts.
While investigating a recent data breach, researchers at AhnLab ASEC discovered that hackers had acquired company login information from a remote worker’s browser. To get this login information, the hackers used a common piece of malware called RedLine, which costs between $150 and $200. Antivirus protection failed to identify the infection, which was most likely spread via phishing email.
Password management features are enabled by default in browsers like Chrome and Edge, and they keep track of all login attempts, including the date and time, the website URL, and any username or password you used. RedLine can access and interpret this data, and hackers may use it or sell it to bad actors.
To avoid this issue, you must completely disable your browser’s built-in password management capabilities. Telling your browser not to remember login data for a specific site isn’t enough; your browser will still log the site’s URL, which hackers can use to brute-force their way into your account without your login credentials. (This is especially important if you’re logging in to a work account that requires access via a VPN or firewall.)
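To see what a browser profile retains, including the sites you told it never to save, the following added example (not from the AhnLab ASEC analysis) inventories a credential store without reading or decrypting any password. It assumes Chromium's `logins` table layout (`origin_url`, `username_value`, `date_created`, `blacklisted_by_user`), which the article does not describe, and runs against a constructed in-memory sample.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Assumption: Chromium stores timestamps as microseconds since 1601-01-01 UTC.
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def build_sample_db():
    """Constructed sample mimicking a subset of Chromium's 'logins' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, "
               "password_value BLOB, date_created INTEGER, "
               "blacklisted_by_user INTEGER)")
    rows = [  # constructed rows, not real data
        ("https://mail.example.com/login", "alice", b"<encrypted>",
         13290000000000000, 0),
        ("https://vpn.corp.example/", "", b"",
         13291000000000000, 1),  # user chose "never save" for this site
        ("https://shop.example.org/", "alice@example.com", b"<encrypted>",
         13292000000000000, 0),
    ]
    db.executemany("INSERT INTO logins VALUES (?,?,?,?,?)", rows)
    return db

def audit_logins(db):
    """Summarise what the store reveals; password_value is never selected."""
    report = {"saved": [], "never_save": []}
    query = ("SELECT origin_url, username_value, date_created, "
             "blacklisted_by_user FROM logins ORDER BY date_created")
    for url, user, created, never in db.execute(query):
        when = CHROME_EPOCH + timedelta(microseconds=created)
        entry = {"url": url, "created": when.date().isoformat()}
        if never:
            # No credential stored, yet the URL and timestamp remain on disk.
            report["never_save"].append(entry)
        else:
            entry["username"] = user
            report["saved"].append(entry)
    return report

if __name__ == "__main__":
    result = audit_logins(build_sample_db())
    print(f"{len(result['saved'])} saved logins to migrate and delete")
    for e in result["never_save"]:
        print(f"never-save entry still records {e['url']} ({e['created']})")
```

To check your own profile, run `audit_logins` on a copy of its login database made while the browser is closed, then clear both the saved and never-save lists once the entries are in a dedicated password manager.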
We strongly advise using dedicated software instead of your browser’s built-in password manager. There are plenty of excellent free and commercial password managers available, and you can quickly export your Chrome, Edge, or Firefox passwords to one.