October 1st, 2020

Browser Password Storage Thoughts – WST

There is some risk when allowing a user’s browser to remember passwords. If a bad actor gets access to a machine, they could possibly leverage the passwords stored in the browser to increase access and move to other systems. It should be noted that there are numerous other ways they can do the same, so blocking browsers from remembering passwords is simply a layer in your overall controls. All browser vendors allow you to block password storage via Active Directory Group Policy, and a Google search for “browser block passwords storage via group policy” should get you going.

If you do disable browser stored passwords, it’s important to give users an alternative, otherwise they will likely end up using a Word doc full of passwords on their desktop or maybe just write them down on sticky notes – arguably less secure than letting the browser store passwords! Some popular password managers are KeePass, LastPass, and 1Password. Whatever you choose, you will also have to train your employees on proper usage, and it’s a good idea to reinforce this training at least annually.

You May Want to Read More:

Don't Let Urgency Lead to Insecurity, Part 2 - WST

April 17th, 2020

April 17, 2020 Don't Let Urgency Lead...

Keep Yourself from being Roasted – WST

April 9th, 2020

April 9, 2020 Keep Yourself from being...

Complaint Management Programs - More Important Now Than Ever - WST

April 7th, 2020

April 2, 2020 Complaint Management Programs...

Keep your institution off the evening news.

Contact Us