Tech Chop: Why You Shouldn't Save Passwords In Your Browser

In this week's Tech Chop we take a look at why you should never save your passwords in your browser using the default password cache. It doesn't matter if you are using Internet Explorer (IE), Firefox or Chrome. If you are saving your passwords using the built in cache, stop it now because those usernames and passwords are easily found using either one of the following four tools:

IE PassView
PasswordFox
ChromePass
OperaPassView - (Not mentioned in the video)

All four tools are free from a small software company called Nirsoft. All one has to do to find passwords saved in the browser is open any one of the tools as the user. Seriously, just double click to open it up and any saved passwords are automatically displayed. No brute-forcing, or hacking required because all of that information is stored in plain text.

Instead we recommend using a password manager to store your passwords. Two that we recommend are KeePass and LastPass. KeePass is a desktop application that stores passwords in a local encrypted database. There are plugins for your favorite browsers that will allow internet forms to be auto-filled. You can find a list of plugins and other cool stuff for KeePass here. Also, if you want to take your passwords with you, you can save your database in a folder that is synced by a file sync tool like DropBox, LiveMesh or Ubuntu One.

LastPass however is a cloud based encrypted password vault. It's the one I use because I don't have to set up anything special to sync the passwords. When you install their software, plugins are automatically installed to allow forms to be auto-filled, and any passwords saved are synced to your vault in the cloud. This service is free, but if you want to use LastPass on your mobile device, you need to pay for their premium service for $1 per month.

You may already know about password vaults, and already use them. Your friends and family probably don't though. Do them a favor, and share this video with them. Everyone needs to know how easy it is to grab passwords if they use the default password cache in their browsers.