I just recently discovered this... in the Chrome web browser enter
Many browsers save passwords.
So does windows.
I use KeyPass.
The issue is whether you trust your browsers to store your passwords or use a password manager.
>use a password manager
I use a program named LastPass and found the password page in Chrome by accident
Don't forget that Chrome is a spyware (unlike Firefox or Opera).
++ EDITED REPLY ... fixed some grammar and typos
That is true JR, but let's not forget that installing extensions, add-ons, or plug-ins also make the most secured web browsers prone to leaking.
Most important is, to keep in mind that web browsers with webRTC protocol enabled also leak your DNS queries, and reveal your private network IP addressing.
There's a lot more involved that should be combined with safe online hygiene habits rather than just saving passwords in a centralized secured location.
That said, just like backing up data frequently to the same storage location, Is it a good practice to save passwords centrally in the same directory to begin with?
Is the directory where the browser passwords are saved to properly encrypted?
If yes, what type of encryption?
And even if encryption exists, how can we ever be sure that the password manager security vault is not compromised by an attacker or a cyber criminal?
You may also have to spend some extra time in learning how to disable the hidden experimental features that are shipped and activated by default in all modern families of web browsers.
Most of these hidden features are designed to share with third-parties even more about the user interactions on the web.
I would say to go old school; memorize your own passwords and change them periodically.
While incovenient as this may be, not because a password manager makes it more secured than a web browser's built-in password manager, and not because an external password manager with encryption makes it easier for a user to stayed signed in in multiple devices or multiple web sites, employing the use of an external password manager doesn't necessarily mean that it won't become compromised at some point.
Just think about it:
One password giving access to every device and every online sites that we unlock on a daily basis through our favorite web browser(s)?
If you use Windows or macOS or you search with Google or you surf Amazon, not to talk about Cortana, Siri, Alexa... you are using well-organized spyware who know more about your life than anyone else you included.
All browsers are doing some kind of password storing. The question really is if you trust your vault or not.
If by saving a password with a password manager you meant to have secured single sign-on(SSO) sessions accross multiple applications, and harnessing your online identity is something that concerns you, check out SAASPASS .
@John T Smith wrote:
I just recently discovered this... in the Chrome web browser enter
Saved passwords can be viewed and deleted. Are you asked each time?
>Are you asked each time?
Yes, when I enter a password at a new site
If this is happening only with your Google Chrome web browser, I think that you can adjust those settings, but it is not done through the web browser.
You must go online and sign in with your Google account credentials at:
There are some security & privacy, and data sharing settings that can be tweaked to avoid been asked for a password every time, spcifically on third-party apps services like Dropbox, for example, or websites.
I think I misunderstood the question
I am asked if I want to save a new password when I go to a site and enter a password that is not in the list, before the password is saved in the list
I use LastPass to actually manage my passwords
I think I misunderstood as well.
I also think that there is a big distinction between an actual password manager and password manager solutions.
The latter are handled entirely by a single entity or a partnered company online, plus part of the setup involves installing a browser add-on ( or extension) on top of already unsecured web browser(s).
I may have to ask though:
Also, in their support videos they make a very specific note on how to setup the Master Password before proceeding with adding accounts or services to use with single sign-on's.
As a Google Security Team warned back in September 2016 (according to forbes.com "Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak"), what you're describing, in my opinion, could or may be a security issue or exploit that has not been properly addressed by LastPass.
You shouldn't see the last password(s) that were used, specially if you've set a master password to manage single sign-on's to access multiple sites and services online (besides 2FA and other encrypted features).
Some websites, like Yahoo, Adobe, Google, Microsoft, actually always offer the option to stay signed-in by default, which seems to be convenient and a normal things nowadays.
But what if the user hits a malicious website that has the ability to hijack your web browser and capable of reading your screen remotely, accessing the contents of your OS clipboard, keylogging as you type, malicious redirects to a sign-in page that looks like a legitimate log-in page?!?
Below is a recent list of password manager solutions that have been hacked and a summarized breakdown of how these services should work:
I hope that I am wrong in everything that I've posted since you seem to be very optimistic about your LastPass password manager. Nevertheless, it is still the Internet we're talking about.
I am not having any password problems... I simply noticed something that I did not know about Chrome saving passwords and made a comment
I apologize, then I misunderstood completely.
I never let the browser store my password for any site in which I have a credit card (or Paypal account) saved. I use LastPass with a very long, complicated master password.
I'm very old school here I must say.
My passwords are in a notepad locked in my desk drawer.
I 'm thinking that it's much harder to hack my drawer or my house 😉
You would be surprised.
A computer networking instructor said to his class one day that the safest computer on Earth is the one that you bury 20 feet deep below the ground.
He added, dig a hole about 20 feet deep, then lock that computer with chains and combination padlocks.
Then pour in concrete all over it to cover the hole where it was buried... and then cover the sitesome more with another thick layer of dirt and soil... just to make sure that this computer will never ever be connected to the Internet again.
That made me smile.
With my method, I would at least know I'd been hacked 🙂