Let's be honest - saving passwords in a web browser seems extremely convenient. Chrome or Edge offers to save them; all that needs to happen next is clicking "yes." But could there be potential risks here?
But here's the thing: just because something is straightforward does not make it safe. In fact, using your browser's built-in password manager is similar to leaving your house keys under the doormat and hoping no hackers come knocking.
Seriously, it's time for an upgrade
In the perfect world we would ditch passwords all together. However, most organisations aren’t ready for that. For now, we still need passwords. In my last post we talked about the latest NIST standards. Now let’s talk about how to store these passwords in a way that doesn't create a security risk. Most people will leverage their web browser's password management tool because it’s super easy.
So, what should we do?
The hidden dangers of browser-based password managers
1. Hackers love browsers - and for good reason
Modern malware is tailored specifically for browser-based attacks, making your passwords in Chrome, Edge or Safari an inviting target for credential-stealing malware that does not need to break down doors to get in and take what it wants.
2. Your browser isn't a vault - it's a convenience store
Browsers were never meant to be secure vaults. Most browsers do not implement zero-knowledge architecture, which guarantees that passwords stored with them remain confidential - even from their vendor.
Their password managers:
Often don’t use strong encryption
May be accessible to browser extensions or scripts
Usually don’t warn you about reused or compromised passwords
Rarely offer multi-factor authentication (MFA) to protect your vault
Worse, malware can export your entire list of saved passwords with shockingly little resistance. Yikes.
3. AI-powered malware is on the rise
Cybercriminals have adopted sophisticated tools like ChatGPT to develop more insidious info-stealers. These attacks can bypass basic browser protections and steal all of your saved credentials across digital services - potentially opening a floodgate of fraud across your digital life.
So, what should you do instead?
Now is the time to upgrade from your browser's password manager and switch over to a real password manager, one with serious security in mind.
Dedicated solutions operate on a zero-knowledge model, ensuring only you are capable of decrypting your vault. In addition, these dedicated solutions often offer robust MFA, breach notification services and strong encryption--features typically lacking or weaker in browser managers.
Isolation and vault-based protection architectures
Who should I trust?
Here are the three password managers that are generally considered great options:
Bitwarden
1Password
NordPass
Open source & transparent
Zero-knowledge encryption
Free tier for individuals
Excellent for teams and IT admins
Fantastic UI & usability
Strong family and business features
Advanced MFA, secure sharing, and travel mode
Uses cutting-edge XChaCha20 encryption
Breach scanner built-in
Easy to use, and works great on all devices
Final thoughts - upgrade your security hygiene
Your browser is great for browsing. It’s not great for guarding your digital identity.
If you’re serious about protecting your accounts, business, or customers, treat your credentials like the crown jewels. A real password manager:
Encrypts your data before it ever hits the cloud
Warns you about compromised or reused passwords
Supports multi-device sync and MFA
Offers secure sharing options for teams
And best of all? You only have to remember one strong master password.
So go ahead. Break up with your browser's password manager. It's not you, it's them.
As certified IT security experts, we can help you fortify your defences, uphold regulatory compliance, improve your company's security posture and proactively maintain your servers and networks to protect you from evolving cyber risks.
Alex Weeks
