Wednesday, July 17, 2019
facebook
Science Technology

Posted at: Jun 8, 2019, 12:36 AM; last updated: Jun 8, 2019, 12:36 AM (IST)

Save password? Never!

The safest of passwords are vulnerable if you save them on computer
Save password? Never!

Sangeet Toor

Isn’t it convenient to just ask your browser to remember all your passwords? It truly is. But here is the flip side of doing it – it is the worst idea. You might want to hear the story of Aman (surname withheld), an IT professional, educated, and aware of the security pitfalls. She set the most complex passwords of all times, 16 characters long, uppercase, lowercase, special characters, numbers, etc. She has a different and unique password for each account — email, social media, LinkedIn, Uber, Pinterest, netbanking and what not. But it was difficult to remember all those passwords. Chrome comes to her rescue, and asks her if it can remember the passwords. She clicked ‘Save’.

One day, she left her system unlocked to talk to a colleague for a few minutes. During that time, someone accessed the browser Settings available in the far-right menu for Chrome. All her complex, very safe, hard to crack passwords were gone within minutes. 

Let’s take a look at what can be remembered by the browsers:

  • Username
  • Password
  • PIN
  • Credit Card Information, excluding CVV
  • Any data filled in online forms
What is at stake

  • Your online credentials are simply vulnerable as soon as the browser has saved them. The convenience comes at with a price tag. Your online accounts can be easily owned by John Q. A hacker gets them as soon as your system is hacked. If your system gets stolen, your credentials will be get stolen too.
  • Your personal information filled in generic forms online can be easily stolen and used by a street smart Joe to impersonate you.
  • You credit card/debit card numbers, expiration dates, etc. can be used by just another ordinary Jill to splurge and spend on herself. You money will be gone very easily.
  • If you don’t type them regularly, you will eventually forget your own passwords.
What can you do

  • Do not ask the browser to remember your credentials. You can actually go to the Settings, and turn off ‘Offer to save password’ tab. Sometimes, people don’t click on Save or Yes intentionally. Someone might be in a hurry to access the Gmail account and when a dialogue box opens on the upper, right hand corner, the instinct is to click on Save button so that such hurdles are out of the way at the earliest. Just so the browser doesn’t keep throwing such a generous but risky offer, simply turn it off in the Settings.
  • Do the remembering part yourself. You are your own best bud. Keep this secret to yourself. It is understandable that multiple accounts and the need to set a unique password for all the accounts can be a daunting task, but you can create your own safe, secure and secret formula of easy recall. Set a root phrase that you can easily remember, like ‘behonest’. Make is complex, B3h0nest. Remember just this one. For Facebook account, the password can be F@ceB3h0nestBo0k. For Gmail account, you can change it to, GMa!B3h0nestL. It is an example. You can be creative with the formulas if you will remember the formula and the root phrase itself.
  • You might have noticed how when you login to Gmail from your friend’s laptop, the browser asks if you should be remembered on that system. Untick ‘Don’t ask on this computer again’. It might seem a hassle to type in the password and OTP each time you log in from a system which is not yours, but typing in the password and OTP are additional layers of security. Keep them on.
  • Best tip: Set a strong password that you remember yourself and turn on two-factor authentication.

COMMENTS

All readers are invited to post comments responsibly. Any messages with foul language or inciting hatred will be deleted. Comments with all capital letters will also be deleted. Readers are encouraged to flag the comments they feel are inappropriate.
The views expressed in the Comments section are of the individuals writing the post. The Tribune does not endorse or support the views in these posts in any manner.
Share On