How to Manage Stored Passwords So You Don't Get Hacked
Chrome, Firefox, and Safari all provide built-in features that allow you to save your username and password for your favorite sites, making the process for entering your credentials a breeze when you revisit them.
While this automation does make your life a little easier, it definitely doesn't make it more secure. Someone else using your computer, whether it's a friend borrowing it or a thief who stole it from you, could essentially go fire up your web browser and log in to all of your accounts using the same feature.
Luckily, there are steps that you can take in order to prevent others from viewing your stored passwords or hacking into your accounts.
- How to check which usernames and passwords are stored
- How to view the passwords for each account
- How to delete an account from being stored
- How to stop your browser from storing future account information
To view saved usernames and passwords in Chrome:
- Click the Chrome menu (three-line icon) in the toolbar
- Select Settings
- Click Show advanced settings...
- Scroll down to Passwords and forms
In Manage passwords, you'll find out which websites you have your username and passwords stored for. To view a password, click on an account, then click Show. Thankfully, you have to type in your computer's admin credentials to view any of the passwords, so you don't have to worry about someone else easily viewing your account information.
To permanently delete a saved account's username and password, click to highlight it in blue, then click on the X on the far right.
To stop Chrome from prompting you to save your password every time you log in to a new website, uncheck the box next to Offer to save your web passwords.
If you're using FireFox, follow these steps to view saved usernames and passwords:
- Click on the Firefox menu (three-line icon) in the toolbar
- Select Preferences
- Go to Security
- Click on Saved Passwords
You can view all of your saved accounts in the Password Manager , and view their passwords by clicking Show Password. Unlike Chrome, you don't need to enter your computer's admin info, so be weary of what you have saved here (or use a master password, which I'll show you later).
Click on an account and choose Remove to delete it, or simply click Remove All to get rid of all your saved accounts.
Uncheck Remember passwords for sites to stop Firefox from storing your passwords going forward.
Once per session, you'll be asked to enter the password in order to view saved usernames and passwords. This feature is important so that other people using your computer can't easily view your stored credentials for your various web activities.
To find saved passwords in Safari:
- Click on Safari in the menu bar
- Choose Preferences
- Go to Password
To view passwords check the box next to Show passwords for selected websites, select an account from the list, then enter your computer's admin username and password. Remove an account credential by highlighting it, then clicking Remove.
To stop Safari from auto-filling your account information, uncheck the box next to AutoFill user names and passwords.
Now that you have a better idea of how many of your accounts are vulnerable, it's time to shore-up the passwords associated with them. Unfortunately, many of us use rather simple passwords: a phrase that means something important coupled with a few numbers at the end. Because of this, these passwords can easily be cracked, whether it's by computer software or someone that knows you well enough to make educated guesses.
To get a feel for how secure your password is, enter it into How Secure Is My Password. The website lets you know how long it would theoretically take for a computer to crack your password. The more intricate your password, the longer it will take the computer to figure it out.
If your password takes seconds, or even just a few hours to crack, you need to make it stronger. Change capitalization, add more numbers and/or characters, and make it a bit longer if it's too short.
- Never use dictionary words: certain hacking tools can create wordlists from dictionaries to easily crack your password
- Use all of the allowable character types: use at least one uppercase, lowercase, number, and special character in your password
- Use a passphrase: create a phrase or sentence and convert it into a single string of different characters. For example:
"I love skateboarding on the weekends"
can turn into
Additionally, you can use the first letter of every word in a sentence, then add specialized letters/numbers/characters to create individual passwords for every account. Say you want a password for Netflix:
"My favorite movie is Indiana Jones and the Raiders of the Lost Ark"
can turn into
According to How Secure Is My Password "I<3Sk8b0ard1ng0ntHew33k3nd$" would take 24 duodecillion years to crack, while "mfmiIJatRotLA:NTFLX" would take a quintillion.
Sounds pretty damn secure.
Now you've got strong passwords and you're feeling a little more secure, but how the hell are you supposed to remember all of them?! Not only are they difficult to recall on an individual basis, but if you're creating strong and unique passwords for each of your accounts, then remembering all of them could be a tad overwhelming.
With the help of a password manager such as LastPass and Dashlane, you don't have to worry about remembering those hard to remember passwords. Just use a single master password (that is never stored locally) to automatically log into all your accounts. Again, your master password is never stored locally, either on Dashlane or on Lastpass—instead, it is used to generate your secured private encryption key on the fly. Get more details here, but the point is, your master password cannot be found if you're device is ever compromised.
If you don't have strong passwords for all of your accounts, both LastPass and Dashlane give you the option to generate one and switch it out with your old one.
Once you're done using your computer and logging in to your accounts, you can easily log out of either password manager so that your computer doesn't automatically log you back in.
To learn more about how to set up a password manager on your computer, check out our guide on dealing with the Heatbleed vulnerability.
With this information in tow, you should have a pretty good grasp on how to keep your precious usernames and saved passwords from unwanted eyes. A few more tips that I would suggest:
- When logging in to an account on another computer, always make sure to say Not Now or Never when prompted if whether you want your password saved for this account (and don't forget to log out of those accounts).
- Never send precious passwords via text message or email. You never know when your keyboard might be keeping track.
- If possible, set up two-step authentication so that a numeric code is sent to your device or email when someone logs in to your account.