![]() This means that from a regular user's point of view, the barrier to entry is incredibly low. Everyone uses a browser these days, and all major browsers come with built-in password managers. Using a browser's built-in password manager: Since you asked for Pros and Cons of real life scenarios, I'll detail the pros and cons of using a browser's built-in password manager in comparison to an offline password manager like Keepass, and not using a password manager at all. ![]() The reason for this decision is that regular users are more easily convinced to use a system that is convenient for them, rather than a system that is more secure, but harder to use. Password managers built into browsers are primarily there for convenience, and security plays a lesser role. ![]() Security often comes at the price of convenience, and convenience often comes at the price of security. ![]() Not as good as a password manager, better than nothing. What are the pros and cons in real-life scenarios? (I wonder if a better solution to Chrome's current one (which allows users to reuse easily guessed passwords across websites) would be to force (or encourage) the user to only save unique and complex passwords?) (In any case that would obviously be the ideal, but security has to factor in practicality - and the average user isn't going to remember a unique password for every website.) However if you're more likely to be susceptible to remote attacks by strangers, then having unique passwords stored on every website is likely to improve your personal information's security. In terms of attack vectors, it seems that if you feel you're more likely to be open to a physical attack (or attack from someone you know), then saving passwords into a browser could be a very bad idea. I probably trust Google to detect and protect me from unusual activity more than almost any other online service (which isn't to say they're infallible, obviously).If I use a uniquely generated password on every website, and save them into Chrome, no other websites accounts will be made vulnerable from another website security breach.and that's just the known hacks.) In that same time I've never had a computer stolen or been subject to a physical security breach. (Including big companies like Adobe, LinkedIn, Kickstarter, etc. According to HaveIBeenPwned I have had my email address and passwords shared online dozens of times thanks to hacks to websites.There's no "master password" (outside of your OS password) to protect them if someone should get logged in access to your computer.Someone could potentially hack into your Google account, sign into Chrome, and also get access to all your passwords.If someone gets physical access to your machine, there's only the OS password between them and every password you've ever saved.However, I don't know if I agree with them all. There's lots of rants against Chrome's current password saving policy, and lot's of articles warning against it. I'd like to know if things have changed, especially now that Chrome has become more aggressive about asking users to save their passwords, and those passwords being associated with a cloud account. There's a few questions here along these same lines already, but they're nearly a decade old.
0 Comments
Leave a Reply. |