Passwords - Disabling Browser Retention of Passwords
Overview
This article details the setting adjustments needed to turn off a browser's ability to save passwords used to log into web pages.
While web browsers offer the convenience of saving and auto filling passwords, there are potential risks associated with relying solely on browser-based password management:
Security Vulnerabilities: Browsers are complex software systems, and like any software, they may have vulnerabilities that can be exploited by malicious actors. If there's a security flaw in the browser, it could potentially compromise the stored passwords.
Unauthorized Access: If someone gains access to your computer or device while it is unlocked, they may be able to view and use your stored passwords. This could happen in situations where you leave your device unattended.
Cross-Site Scripting (XSS) Attacks: XSS attacks involve injecting malicious scripts into websites. If a website you visit is compromised, these scripts may attempt to extract your stored passwords from the browser.
Syncing Risks: If you use the browser's syncing feature across multiple devices, your passwords are transmitted and stored on the cloud. This creates an additional risk, as compromise of your cloud account could potentially expose all synced passwords.
Limited Security Features: Browser-based password managers may lack advanced security features provided by dedicated password management tools. These features include two-factor authentication, secure password generation, and the ability to audit and monitor your passwords.
Privacy Concerns: Some users may have reservations about their passwords being stored by a third-party entity (the browser provider). They may be uncomfortable with the idea of their sensitive information being stored or potentially accessed.
Not Ideal for Multiple Accounts: If you have numerous accounts with different passwords, a dedicated password manager is often better equipped to handle the complexity. Browsers might not be as efficient at organizing and securing a large number of passwords.
Given these potential risks, it is advisable to use a dedicated password manager. Password managers provide more robust security features, encrypted storage, and often include tools for generating and managing complex, unique passwords for each of your accounts.
Instructions
The instructions below detail the means to 'disable' the password saving features in various types of web browsers. If you do not see the browser you use please refer to the browser manufacturer's support page as needed.
Note: Due to regular updates to browsers these instructions may be antiquated so please do not rely on these as a single source of truth but rather a guide to getting to the settings are for each browser. This article will be updated on a regular cadence to account for potential changes.
- Open Chrome and click on the three dots in the upper-right corner.
- Select "Settings" from the menu.
- Scroll down and click on "Auto Fill and Passwords."
- Click on the "Google Password Manager" option
- Click on the "Settings" option
- Toggle off the "Offer to save passwords" switch.
- Open Firefox and click on the three horizontal lines in the upper-right corner.
- Select "Settings".
- Navigate to the "Privacy & Security" tab.
- Scroll down to the "Logins and Passwords" section and uncheck the box labeled "Ask to save logins and passwords for websites."
- Open Edge and click on the three dots in the upper-right corner.
- Select "Settings."
- Scroll down and click on "Passwords."
- Under "Privacy and services," turn off the "Offer to save passwords" toggle.
- Open Safari and click on "Safari" in the menu bar.
- Select "Settings."
- Go to the "Passwords" tab.
- Uncheck the box next to "Autofill usernames and passwords."