Pretty much every cyber security expert can agree that using a password manager is something everyone should do. The debate occurs when discussing exactly which password managers to use and which are the most secure.
The lowest-hanging fruit is any password manager or security protection already built into your internet browser. This is convenient and is usually associated with a known and (mostly) trusted brand. But what if we told you that the password manager built into the Chrome browser isn’t necessarily the most secure option?
While there are several browsers offering a password manager feature, we’re going to take a look at Chrome password manager security, specifically.
According to Oberlo, 62.85% of people on the internet rely on the Chrome browser, making it the most popular browser to date. Because of this, Chrome has also become a pretty significant target for hackers. In the past, cyber criminals have created malware (including very specific trojans) to harvest passwords from the browser.
Unfortunately, they’ve been successful more than once. For example, one particularly nasty piece of MaaS (malware as a service) is known as Redline Stealer. This malware is designed to stealthily infiltrate browsers, VPNs, crypto wallets, email clients, and other sources so it can collect data, including certain authentication cookies.
Since 2020, Redline Stealer has been a chronic problem for many, especially with the pandemic causing a significant rise in remote work. Companies and individuals have become even more reliant on technology like browser password managers to make their lives easier. Unfortunately, this has come at the cost of serious data breaches.
In addition to being targeted by malware, Chrome password manager security can also be compromised when devices aren’t stored safely. All it takes is the theft of a laptop, and a criminal could potentially obtain the figurative “keys to the kingdom” in the form of instant access to all of your personal credentials.
One thing to note: the Google password manager doesn’t adhere to the zero-knowledge ethos that’s followed by many other security and privacy tools. This means that Google only encrypts information at a device level, which causes vulnerabilities that don’t necessarily occur at the server level.
As a result, Google could likely access the usernames and passwords stored in its password manager if it chose to. Many other password managers (like Cloaked) store this information in a heavily encrypted format that even they can’t access.
In short, zero knowledge means just that: companies don’t store your personal information in the product in a form that can be accessed by employees or external hackers.
Because Chrome’s built-in password manager doesn’t follow zero-knowledge principles, it creates another layer of risk. If hackers can gain access to Google’s browser data, they could potentially gain access to personal credentials.
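To make the zero-knowledge idea above concrete, here is an added example (not code from this article, Cloaked or Google) of a vault entry that is encrypted on the device before upload, so the stored record cannot be read without the master password. The function names, the choice of scrypt and AES-256-GCM, and the sample credential are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not any vendor's API.
const nodeCrypto = require('node:crypto');

// Client side: derive the vault key from the master password. The password and
// the derived key stay on the device and are never sent to the server.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32);
}

// Client side: encrypt one credential with AES-256-GCM before upload.
function sealEntry(masterPassword, entry) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const key = deriveKey(masterPassword, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(entry), 'utf8'),
    cipher.final(),
  ]);
  // This record is everything the server ever stores.
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: decrypt a record fetched from the server.
function openEntry(masterPassword, record) {
  const key = deriveKey(masterPassword, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAuthTag(record.tag);
  const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// What an employee or someone holding a copy of the server database can do:
// without the master password the GCM authentication check fails.
function serverSideAttempt(record, guess) {
  try { return openEntry(guess, record); } catch { return null; }
}

// Constructed sample data.
const stored = sealEntry('correct horse battery staple',
  { site: 'example.com', user: 'alice', password: 's3cret-value' });
console.log(openEntry('correct horse battery staple', stored).user);
console.log(serverSideAttempt(stored, 'wrong guess'));
```

The protection is only as strong as the master password, which is why the key derivation step uses a deliberately slow function.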
For anyone who uses their device regularly to access any sensitive accounts, using a separate password manager coupled with additional security tools is the gold standard. Before settling on a password manager in particular, make sure that you do your due diligence.
Take a few minutes to research past data breaches associated with the product, its security and encryption features, customer reviews, and the company’s privacy policy. The nature of password managers means that users are often more vocal when something goes wrong. You can learn a lot from recent reviews describing valid issues and drawbacks.
Ultimately, any password manager is better than nothing. But a good password manager can mean the difference between having secure accounts and offering up your credentials to any clever hacker.