Did you know that Chrome saves passwords?

++ EDITED REPLY ... fixed some grammar and typos

That is true JR, but let's not forget that installing extensions, add-ons, or plug-ins also make the most secured web browsers prone to leaking.

Most important is, to keep in mind that web browsers with webRTC protocol enabled also leak your DNS queries, and reveal your private network IP addressing.

There's a lot more involved that should be combined with safe online hygiene habits rather than just saving passwords in a centralized secured location.

That said, just like backing up data frequently to the same storage location, Is it a good practice to save passwords centrally in the same directory to begin with?

Is the directory where the browser passwords are saved to properly encrypted? 

If yes, what type of encryption? 

And even if encryption exists, how can we ever be sure that the password manager security vault is not compromised by an attacker or a cyber criminal?

You may also have to spend some extra time in learning how to disable the hidden experimental features that are shipped and activated by default in all modern families of web browsers. 

Most of these hidden features are designed to share with third-parties even more about the user interactions on the web.

I would say to go old school; memorize your own passwords and change them periodically.

While incovenient as this may be, not because a password manager makes it  more secured than a web browser's built-in password manager, and not because an external password manager with encryption makes it easier for a user to stayed signed in in multiple devices or multiple web sites, employing the use of an external password manager doesn't necessarily mean that it won't become compromised at some point.

Just think about it:

One password  giving access to every device and  every online sites that we unlock on a daily basis through our favorite web browser(s)?

If you use Windows or macOS or you search with Google or you surf Amazon, not to talk about Cortana, Siri, Alexa... you are using well-organized spyware who know more about your life than anyone else you included.

All browsers are doing some kind of password storing. The question really is if you trust your vault or not.

Don't forget in FireFox you can also check if you have been compromised. To check use something like FireFox Monitor. Works really well.

https://monitor.firefox.com/

>Are you asked each time?

Yes, when I enter a password at a new site

If this is happening only with your Google Chrome web browser, I think that you can adjust those settings, but it is not done through the web browser.

You must go online and sign in with your Google account credentials at:

• https://myaccount.google.com

There are some security & privacy, and data sharing settings that can be tweaked to avoid been asked for a password every time, spcifically on third-party apps services like Dropbox, for example, or websites.

I think I misunderstood the question

I am asked if I want to save a new password when I go to a site and enter a password that is not in the list, before the password is saved in the list

I use LastPass to actually manage my passwords

 I think I misunderstood as well.

I also think that there is a big distinction between an actual password manager and password manager solutions.

The latter are handled entirely by a single entity or a partnered company online, plus part of the setup involves installing a browser add-on ( or extension) on top of  already  unsecured web browser(s).

I may have to ask though:

• is the LastPass add-on extension for Chrome in for Windows, Linux or Mac?

• According to some password managers reviews that I am checking out , there seems to be some features in Windows that may not be supported anymore, OR, lack of features that limit the ability for the users to use the LastPass Admin tools simply because they're not included.

• Are you using the free version or one of their paid plans?

• If you're currently a paying customer of LastPass, Did you contacted their customer support and see what they have to say?  

Also, in their support videos they make a very specific note on how to setup the Master Password before proceeding with adding accounts or services to use with single sign-on's.

 As  a Google Security Team warned back in September 2016 (according to forbes.com "Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak"), what you're describing, in my opinion, could or may be a security issue or exploit that has not  been properly addressed by LastPass.

You shouldn't see the last password(s) that were used, specially if you've set a master password to manage single sign-on's to access multiple sites and services online (besides 2FA and other encrypted features).

Some websites, like Yahoo, Adobe, Google, Microsoft, actually always offer the option to stay signed-in by default, which seems to be convenient and a normal things nowadays.

But what if the user hits a malicious website that has the ability to hijack your web browser and capable of reading your screen remotely, accessing the contents of your OS clipboard, keylogging as you type, malicious redirects to a sign-in page that looks like a legitimate log-in page?!?

Below is a recent list of password manager solutions that have been hacked and a summarized breakdown of how these services should work:

• https://cybernews.com/best-password-managers/are-password-managers-safe/

I hope that I am wrong in everything that I've posted since you seem to be very optimistic about your LastPass password manager. Nevertheless,  it is still  the Internet we're talking about.

I am not having any password problems... I simply noticed something that I did not know about Chrome saving passwords and made a comment

I apologize, then I misunderstood completely.

You would be surprised.

A computer networking instructor said to his class one day that the safest computer on Earth is the one that you  bury 20 feet deep below the ground.

He added, dig a hole about 20 feet deep, then lock that computer with chains and combination padlocks.

Then pour in concrete all over it to cover the hole where it was buried... and then cover the sitesome more with another thick layer of dirt and soil... just to make  sure that this computer will never ever be connected to the Internet again.

That made me smile.

With my method, I would at least know I'd been hacked 🙂