Entrusting passwords and credit cards to your browser: what are the limits, what are the risks?

The integrated password and credit card storage integrated into all browsers is so convenient that it is difficult not to succumb to it. Why bother taking your credit card out of your wallet when your web browser can memorize it for you? A practical functionality, yes, but with limitations. Whether it is Chrome, Firefox, or Safari (and even Edge), all of them now offer features to remember or generate passwords or credit card numbers and synchronize them between different devices. On condition, of course, that you link your browsers to user accounts.

The main limitation: the main account that can be hacked

Are your passwords and credit cards secure when they are stored on your browsers? Overall, yes. If we stick to Chrome, accessing your passwords (in plain language) requires you to enter your Google Account password systematically. It is both the primary security (your Google Account password is robust, isn’t it?), but also the greatest weakness of this system: if a hacker manages to access your account (there are many techniques), he also manages to get his hands on the rest of your passwords. It is this limitation that probably explains why credit card numbers are only stored locally by Chrome and are not synchronized with Google Account.

The best solution at the moment: use a password manager

Today, nothing prevents you from using Chrome, Firefox, or Safari to remember your passwords or from using their memory to remember your credit card numbers. But there are tools specifically designed to retain and protect your sensitive data: these are password managers.

The principle is simple: the application records all passwords, credit card numbers, personal documents, or private notes and protected by a master password. It is the only password the user must remember. Besides, many additional layers of security are much more secure than a web browser.

Each time you connect to a new device, you must connect from an approved device to ensure your identity. Some have double authentication that limits the risks of brute force attacks and hacking.

Once passwords and credit cards have been registered, the application automatically informs them about the websites or applications concerned, without ever showing them in cleartext. And mainly whatever the device used. Indeed, in the Premium version, this type of application can be synchronized on all the user’s devices on which the application is installed: on a computer (PC, Mac or Linux), but also mobile (Android or iOS).

Marcelle