Why You Should Not Use your Browser’s Password Manager

There are a number of reasons why you should avoid using the built-in password manager:

  1. Anyone who has access to your computer can get to all of your websites, often including banking sites. This may be fine for a desktop that is in a secure location but is a very bad idea for laptops and mobile devices, especially phones.
  2. They generally have poorer quality password encryption than third party password managers.
  3. That oh-so-convenient autofill that enters your password for you allows somebody to log in to the site and change your password. Although viewing passwords is better protected, if you have autofill enabled, then your passwords are vulnerable not just to somebody getting at your device, but to “scraping” scripts designed to get information entered into websites.
  4. With the exception of recent versions of Safari, browser password managers do not auto-generate strong passwords.

How to Remove Stored Passwords on Every Browser

Here is how to remove those stored passwords from the major browsers.

Chrome (Desktop)

Chrome browser

  1. Click the three dots in the top right and go to Settings.
  2. Click on Advanced.
  3. Scroll down to Passwords and Forms and click on Manage Passwords.
  4. Turn off both the “Off” toggle and the “Auto Sign-in” toggle.
  5. Delete the list of saved passwords that appears below it.

Firefox

mozilla firefox

  1. Click the three horizontal lines in the top right and go to Options.
  2. Click the Privacy and Security link on the left side.
  3. Go to Forms and Passwords
  4. Uncheck the box for “Remember logins and passwords for websites”
  5. Click on Saved Logins.
  6. Delete the listed passwords.

Internet Explorer

  1. Open the Tools menu
  2. Select Internet Options
  3. Click Content
  4. Go to AutoComplete then click Settings
  5. Click on Delete AutoComplete history
  6. Uncheck AutoComplete for User names and passwords on forms, then click on OK.

Edge

Edge browser

  1. Click the three dots in the top right and go to Settings
  2. Click Advanced Settings
  3. Toggle Offer to save passwords to off
  4. Click Manage my saved passwords
  5. Click the X next to each password

Safari (Desktop)

Safari browser

  1. Open the Safari menu
  2. Select Preferences
  3. Go to the Autofill tab
  4. Uncheck User names and passwords
  5. Click the Edit button for Usernames and Passwords
  6. Delete the listed passwords

Opera

Opera Browser

  1. Open the Tools menu
  2. Select Advanced
  3. Click on Password Manager
  4. Delete the listed passwords
  5. Open the Opera menu
  6. Select the Privacy & Security tab
  7. Under passwords, turn off “Offer to save passwords I enter on the web.”

Chrome (Android)

  1. Tap the three dots in the top right
  2. Click settings
  3. Select Smart Lock for Passwords or Passwords
  4. Turn Save passwords off
  5. Uncheck auto sign-in
  6. Click on each password
  7. Click on the trash can

Safari (iOS)

  1. Go to settings
  2. Scroll to Passwords & Accounts
  3. Toggle AutoFill Passwords off
  4. Click on Website & App Passwords
  5. Click on a password
  6. Click edit
  7. Select each password
  8. Click delete

As you can see, it’s easier to turn off password storage in the first place. Some browsers allow you to delete only specific websites, while others force you to delete all of your passwords. You may want to let your browser store low security passwords such as your kids’ online games, but not banking passwords.

However, it is generally better not to store even “unimportant” passwords, as you will rapidly get into the bad habit of relying on password storage.

What if you Really Can’t Remember All Those Passwords

Remembering strong passwords really is a challenge for most of us. If you can’t remember your passwords, the temptation can become extreme to just use the same password everywhere, resort to browser auto-fill, or write passwords down.

All of these habits are bad ones to get into. Using passphrases instead of passwords is one way to help, but some sites don’t allow them or require special characters that can overcome the best mnemonics.

The alternative is to get a proper third-party password manager. Some of them are even free. A password manager will set a complex, strong password for each of your sites, and you access it all with a single master password.

weak passwords

People know the dangers of weak passwords, but create and use them anyway

You should choose a password manager you find easy to use (and thus will comply with properly). Select a password manager that has no way to recover the master password if you lose it. Whilst resetting all your passwords is a pain, it is very easy for hackers to access password recovery.

Ideally, you should also use two-factor authentication, generally using a smartphone. A premium, paid password manager should also monitor your accounts for breaches, and even the free ones will often warn you if you are reusing passwords or using passwords which are too weak.’

Additionally, never enter your passwords on a strange device, especially a public computer. There may be keyloggers, and it is far too easy to accidentally choose the store password option, possibly leaving your banking credentials for the next person to use that computer.

In short, relying on the so-called password managers built into web browsers is a bad idea. An easy way to improve your security is to delete those stored passwords, turn off password storage, and switched to a third-party password manager such as LastPass or KeepPass.