Why Browser Password Managers Are Not Safe For Your Business
Most of us are guilty of forgetting our passwords, and it’s no wonder why.
In an effort to tackle cybersecurity threats, online accounts are asking more of you when structuring passwords. Now, your passwords must reach a certain character length with a mixture of symbols, numbers and capital letters.
With more security comes less convenience. Complex passwords can be a major hassle for businesses and their staff. They often result in password resets with two-factor authentication methods (i.e. receiving codes or links via email and mobile) and lead further down the rabbit hole of creating more easy-to-forget passwords.
To combat this headache, the likes of Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari have introduced built-in password managers. Once saved, your password will auto-fill when you return to that same website, ready to sign you in.
This eliminates the burden of memorising passwords. On the flip side, does greater convenience come with reduced security? Let’s examine the potential risks and what you can do to protect your business against them.
The Vulnerabilities Of Browser Saved Passwords
At first glance, it may appear as though browser password managers help speed up productivity – they automatically prompt you to save passwords, store all passwords in one place, and are free.
Despite all their upsides, they have one very big downside: they aren’t very secure. It’s important to note that browser developers are focused on creating a better experience for their users, and while there are security measures in place, convenience often trumps security.
This is why browser password managers don’t compare to independent password managers, where the core purpose is to offer advanced security features that stay ahead of evolving threats.
With this in mind, let’s take a look at the biggest vulnerabilities of browser password managers:
Increased Exposure To Local & Remote Attacks
A big problem with browser-based password managers is that your password security is directly tied to your device’s security. This means that if someone gains access to your device, either by finding it unattended or through a malware attack, your passwords are on full display in your browser. For this reason, browser saved passwords are a cybersecurity vulnerability in your business.
Third-party password managers give you an extra layer of encryption with a separate master password that protects your password manager. They also lock you out after a period of inactivity.
Password Generators Are Limited
Some web browsers like Chrome and Safari are now adding password generators that prompt you when creating a new account online. However, their capabilities are quite limited compared to third-party password managers.
For instance, you’re unable to adjust the length of the password, customise the characters it contains or copy that password instead of saving it in the browser. You’re given much more freedom to customise your complex passwords with third-party managers.
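To show what that kind of control looks like, here is an added example (not code from any browser or password manager product) of a generator with adjustable length and character classes, plus an estimate of the resulting strength. The class names, symbol set and function names are assumptions of this example.

```python
import math
import secrets
import string

# Character classes a policy can switch on or off (names are this example's own).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}
AMBIGUOUS = set("Il1O0")  # easily confused when a password is read or typed by hand


def build_pools(classes, exclude_ambiguous=False):
    """Return the character pool for each enabled class, after exclusions."""
    pools = []
    for name in classes:
        pool = [c for c in CLASSES[name] if not (exclude_ambiguous and c in AMBIGUOUS)]
        pools.append(pool)
    return pools


def generate_password(length=20, classes=("lower", "upper", "digits", "symbols"),
                      exclude_ambiguous=False):
    """Generate a password with at least one character from every enabled class."""
    pools = build_pools(classes, exclude_ambiguous)
    if not pools:
        raise ValueError("enable at least one character class")
    if length < len(pools):
        raise ValueError("length is too short to include every enabled class")
    alphabet = [c for pool in pools for c in pool]
    # One guaranteed character per class, the rest drawn from the full alphabet.
    chars = [secrets.choice(pool) for pool in pools]
    chars += [secrets.choice(alphabet) for _ in range(length - len(pools))]
    secrets.SystemRandom().shuffle(chars)  # hide where the guaranteed characters sit
    return "".join(chars)


def entropy_bits(length, classes, exclude_ambiguous=False):
    """Upper-bound strength estimate: length * log2(alphabet size)."""
    size = sum(len(p) for p in build_pools(classes, exclude_ambiguous))
    return length * math.log2(size)


if __name__ == "__main__":
    print(generate_password(24, exclude_ambiguous=True))
    print(round(entropy_bits(24, ("lower", "upper", "digits", "symbols"), True), 1))
```

The generator draws from the operating system's cryptographic random source via `secrets`, and the password is returned to the caller rather than stored anywhere.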
Password Sharing Isn’t Supported
As browser password managers are limited to the browser itself, they don’t offer a secure method of sharing passwords.
This opens up another vulnerability as staff consider sharing sensitive passwords via email, SMS, instant messaging tools, etc. On the other hand, independent password managers offer convenient and flexible password sharing across collaborative teams.
Is Your Business Really At Risk With Browser Saved Passwords?
You’re probably tired of hearing how important it is to follow security steps when storing and managing passwords. Is it really that crucial, or is it just a fear tactic leveraged by cybersecurity professionals?
If you’ve never experienced a cyberattack before, it’s easy to be complacent around cybersecurity threats and adopt an “it won’t happen to me” mindset. As much as we’d like to think it would never happen to us, the truth is that cyberattacks are on the rise.
A major reason for this is digital expansion. Cybercriminals are finding new ways to breach human vulnerabilities now that we’re spending more time online as a result of distributed workforces and social distancing. According to the 2021 Data Breach Investigations Report (DBIR), 85% of data breaches involved some sort of human element (phishing, stolen credentials and human error).
CERT NZ’s quarterly reports show even more insight into the increasing number of businesses that have fallen victim to cybersecurity breaches. In its 2021 Quarter Three (Q3) Report, cyberattacks contributed to a $3.3 million financial loss to individuals and businesses.
Unfortunately, complacency surrounding cybersecurity has caused irreversible damage to businesses. It’s important to define and assess your cyber risk appetite and evaluate the likelihood of a cyber breach in your organisation.
A Safer Alternative: Independent Password Managers
Standalone password managers like LastPass are designed for security first, without compromising the convenience that users expect.
Independent password managers provide powerful security capabilities with business-wide password management and allow for secure cross-functional collaboration. Additionally, they offer a lot more than just storing passwords. Here are just some of the features you can expect from LastPass in particular:
- Company-wide admin control & password behaviour monitoring
- User directory integrations for IT teams
- A password vault for every user
- Secure password sharing
- Detailed security reports
- Hundreds of security policies
- Generate, save and fill passwords so your employees can focus on more important tasks
Making The Switch Is Easy: Contact Us
A recent survey by LastPass revealed that 71% of 3,750 respondents across seven countries had worked remotely since the pandemic, and 70% spent more time online for personal entertainment and work.
With increased activity online, it’s never been more important to protect the most common entryway for hackers: passwords. Contact us today to switch to a password manager and start securing your most sensitive information.