Cybersecurity

9966 readers

177 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Is it bad to save passwords to browser? (lemmy.ml)

submitted 2 weeks ago by OhVenus_Baby@lemmy.ml to c/cybersecurity@sh.itjust.works

9 comments fedilink hide all child comments

The autofill prompt in browsers like librewolf. Or should you save passwords with a manager? I like the aspect of autofilling passwords and certain data.

you are viewing a single comment's thread
view the rest of the comments

[–] groet@feddit.org 3 points 2 weeks ago

If you do not set a master password for the browser (that you have to type before the saved passwords are filled in), the despite what others have written, the passwords are not really encrypted. They are, it just doesn't matter. Because they are encrypted with the password of you OS user. So they are unreadable if someone steals your device or to any other users on your system, but any malware that runs in your user context has full access to the passwords any time you are logged on to the machine.

Of course if you have malware on your system they can also log your master password as you type it, same with any other password manager. If you unlock the password save, it is available to malware in that moment.

Also if you use passwords for anything other than websites you should have a password save for those passwords as well so why not have one single save instead of one in your browser and one outside of it.

Tl:dr saving passwords in your browser is fine but you should absolutely set a master password. External password manager can be more pragmatic compared to browser only.