Yes, anyone who has access to your web browser or uses malicious software to hack it will be able to access the passwords saved in your browser. These known security flaws in browser password managers are often ignored because they are convenient to use. However, your passwords are not secure in a browser password manager.

Continue reading to learn more about the risks of using browser password managers and what you should use instead. 

A browser password manager is a free password manager built into your browser’s software. Browsers like Chrome, Firefox and Opera have built-in password managers with features like autofill and a password generator. Sometimes they may also store credit card information.

A dedicated password manager is standalone cloud-based software for securely storing passwords and other confidential information. All stored data is protected by a master password, which is the only password you need to remember. This software is often created by cybersecurity companies and available for free or at a low monthly price. The software is feature-rich and has strong encryption to keep your data safe.

Unlike dedicated password managers, browser password managers only work for web pages within the chosen browser and not in other applications. They have limited record types, meaning they aren’t useful for storing anything but passwords and sometimes credit card numbers. Browser password managers are not only less secure, but they lack features that are standard in dedicated password managers.

Browser passwords managers are risky and have inherent flaws in their security, design and construction.

Here are a few reasons why browser password managers are dangerous.

Malware, which is malicious software used to carry out cyberattacks, gives cybercriminals access to your computer. Since browsers are not typically password protected, a cybercriminal would be able to open your browser and view all your passwords in plain text. 

Redline Stealer is an example of malware that has been a widespread threat since 2020. It can steal passwords from your browser and allow cybercriminals to put them up for sale on the dark web. To stay protected from malware like Redline Stealer, you need to store your passwords in a dedicated password manager that uses the best security to keep your passwords safe from cybercriminals. 

Browser password managers are often left logged in. That means if someone uses your browser on your device, they will easily have access to the passwords saved in your browser.

If your laptop is stolen or hacked, the cybercriminal will have access to all your important accounts and be able to steal your money or even commit identity theft.

Standalone password managers usually have browser extensions that automatically fill in your passwords, but the user is required to log in so the passwords would not be accessible to anyone who gains access to your computer.

Browser password managers do have encryption, but it’s not particularly secure. The encryption key, which allows users to decrypt information, is stored in easy-to-find locations on your computer. That means any cybercriminal who gains access to your computer would be able to find it. Once a threat actor has your encryption key, it’s simple to decrypt and steal your credentials.

Zero-knowledge encryption, in which the encryption key is derived from a user’s master password, completely protects your data. With zero knowledge, no one can access your passwords without your master password – even if they have access to your computer. 

That means in a standalone password manager, data is protected both at rest and in transit. Even if someone hacked into the cloud where your encrypted data is stored, they wouldn’t be able to read the data because they wouldn’t have the encryption key to decrypt it.

2FA or Multi-Factor Authentication (MFA) is a critical security feature that allows you to use one or more additional methods of authentication for logging in. This is important because if a cybercriminal gets your credentials, they won’t be able to log in without at least a second method of authentication.

There are several types of 2FA, some of which are more secure than others. For example, temporary codes sent to your phone through SMS text are common and convenient, but not the most secure option since they can be intercepted through a SIM swapping attack. Other MFA types include hardware keys and Time-Based One-Time Passwords (TOTP).  Browser password managers offer limited 2FA options. They may offer TOTP if you’re lucky, but they are less likely to offer hardware security keys as an authentication method.

Since hardware security keys are the most secure authentication method, this makes browser password managers inherently less secure.

One of the reasons browser password managers are so risky is because their lack of security makes it easier for a cybercriminal to steal your passwords.

With stolen credentials, cybercriminals can get into your accounts, including bank and email accounts. Your online accounts contain lots of sensitive information and access to financial services such as banks. With your stolen credentials, cybercriminals may be able to steal your money, steal Personally Identifiable Information (PII) such as your Social Security number or even go as far as stealing your identity.

To protect your passwords, you should disable the built-in password manager in your browser so it doesn’t accidentally save any passwords. You should also refrain from storing passwords in a spreadsheet, document or notebook.

The best way to keep your passwords safe is to use a dedicated password manager with zero-knowledge encryption. Use it to generate strong, unique passwords for each of your accounts and store them in the password manager’s secure vault.

Don’t accept the limitations and security risks of built-in browser password managers. Use a dedicated password manager like Keeper Password Manager.

Keeper is a zero-knowledge password manager with industry-leading security and features. We make it easy to generate, store and securely share confidential information, passwords and passkeys. Check out our 30-day free trial to start streamlining your digital life.