“Someone cracked my password. Now I need to rename my puppy.” ~Unknown


Happy July. 

Today I thought I would cover browser hygiene.  Assuming you have been paying attention, you know passwords should be at least eight characters long. You know passwords should be complex, meaning it should contain upper case  letters, lower case letters, numbers and symbols.   You should have a unique password for each site.  But did you know you should NOT save them in your browser?  Here’s why:

If your browser becomes compromised, your passwords are also compromised.

There is a malware going around.  It is called Redline Stealer.  It can bypass antivirus and  tags along via random downloads.  Once it is in your computer it collects the saved user names and passwords for the various sites you have saved.  

If you would like to read a horror story, go here: https://nypost.com/2022/01/02/experts-warn-against-storing-passwords-in-chrome/  Not only did Redline steal a remote worker’s passwords, it also gained access to the employers network. Three months later, bad actors easily accessed the employers networks via a secure VPN.  This is a perfect word picture for chaos.

Browsers remain logged in.

The security of your accounts are only as secure as your browser.  If you login to Chrome or Edge or Firefox, and never log out, then anyone sitting down at your workstation has full access to every site you have saved.  The same is true if your device is lost or stolen.  Were you clever enough to set up double authentication?  Let’s hope it double authenticates to your cell phone and not to your email!  If your email is on the lost or stolen device then double authentication isn’t going to do much to protect you.

Want to stop the browser from saving your passwords?

Step 1: find the Settings menu.  Look in the top right corner of the browser for the 3 dots / lines.  Each browser is unique.  (Wouldn’t want to violate copy right or trademark laws, don’t you know!)

Chrome: Settings -> Autofill and Passwords -> Password Manager -> Toggle off “Offer to save passwords.”

Edge: Settings -> Profiles -> Passwords. Toggle off “Offer to save passwords.”

Firefox: Settings > Privacy & Security. Scroll down to Logins and Passwords and uncheck “Ask to save logins and passwords for websites.”

Want to delete your browsers saved passwords:

Chrome: Settings -> Autofill and Passwords -> Password Manager ->  Click the right pointing triangle next to each password entry, then select “Delete.”

Edge: Settings -> Profiles -> Passwords. Click the three stacked dots next to each password entry, then select “Delete.”

Firefox: Settings -> Privacy & Security. Scroll down to Logins and Passwords and click “Saved Logins.” You’ll be taken to a new tab entitled “Firefox Lockwise” that will list all your saved passwords. In the upper right of the tab, click the three horizontal dots and select “Remove All Logins.” 

If you’d rather remove only some passwords in Firefox and keep others, you can select each entry individually in the left-hand navigation column on the Firefox Lockwise page, then click “Remove” in the upper-right part of the entry displayed in the main part of the page.

Stay Safe, Stay Healthy, Have a Wonderful Summer!

Janet

SECURITY DUCK
You know you are safe when
security duck is on patrol