Unpopular opinion: are browser-based password managers better than stand-alone?
After the LastPass databreach, doubts have been raised in the cybersecurity community about the actual security of password managers. Personally, I have always held a fairly unpopular opinion: password managers built into browsers are more secure than stand-alone.
In this article I’ll discuss the convenience and security of password managers built into browsers in more detail, comparing these managers to standalone options and providing a list of pros and cons for both options.
Convenience?
One of the major advantages of password managers built into browsers is their convenience. These managers can seamless fill in login information for websites, without any additional setup.
Another convenient feature of built-in password managers is the ability to sync information across multiple devices. This allows users to easily access their login information regardless of location. This can be especially useful for people who use multiple devices throughout the day, such as a work computer and a personal phone. This feature also allows users to easily switch between devices without the need to manually transfer login information, or without install additional software (operation that could increase the attack surface).
Popular browsers with built-in password managers include Google Chrome, Mozilla Firefox, and Apple Safari. These browsers offer a seamless integration of the password manager into the overall browsing experience, suggesting strong passwords when signing up for a new account.
In conclusion, built-in password managers offer a convenient way to store and access login information. The automatic filling of login information and the ability to sync information across multiple devices are two major advantages of these managers. Additionally, the integration of these managers into popular browsers makes the overall experience more seamless and user-friendly.
But, what about security?
Another advantage of password managers built into browsers is their security.
Standalone password managers can be vulnerable to hacking or data breaches, but built-in password managers are integrated into the browser itself. Of course, browsers themselves can also fall victim to vulnerabilities and attacks, but the speed with which manufacturers tend to update them puts users reasonably safe.
This integration allows them to be updated with security patches as part of the browser updates. In addition, many popular browsers with built-in password managers also offer advanced security features, such as encryption and two-factor authentication.
Encryption is a process that protects sensitive information by converting it into a code that can only be deciphered with the right key. Many built-in password managers use encryption to protect login information and ensure that it can only be accessed by authorized users. This added layer of security helps to protect against hacking and data breaches.
Two-factor authentication (2FA) is an additional security measure that requires users to provide two forms of identification before accessing their account. This can include a password and a fingerprint, a password and a code sent to a mobile device, or other combinations. The use of 2FA makes it more difficult for unauthorized users to access login information.
Popular browsers with built-in password managers, such as Google Chrome, Mozilla Firefox, and Apple Safari, offer encryption and two-factor authentication as security features.
For example, in Google Chrome, the password manager uses encryption to protect login information and also offers the option to enable 2FA. In Mozilla Firefox, the password manager also offers encryption and 2FA to protect login information.
So, imho, built-in password managers offer a secure way to store and access login information. The integration of these managers into popular browsers allows them to be updated with security patches, and many of these managers offer advanced security features such as encryption and two-factor authentication.
This added layer of security helps to protect against hacking and data breaches.
Here’s a comparison table of the pros and cons of built-in password managers and standalone ones:
| Built-in password managers | Standalone password managers |
|---|---|
| + Conveniently integrated into the browser | + Can work with multiple browsers and devices |
| + Automatic filling of login information | + Offers advanced features such as password sharing and emergency access |
| + syncing across multiple devices | - Additional setup and configuration required |
| + Advanced security features such as encryption and 2FA | - Vulnerable to hacking or data breaches |
| + Regular security updates | - Not integrated with the browser experience |
Based on the advantages discussed in this article, I recommend using a password manager built into a browser over a standalone one. However, it is important to note that everyone’s needs are different, so it is important to evaluate your own needs and preferences before making a decision.