Built-in Password Managers: the Good and the Bad
Maintaining your passwords is a hassle. If you want to stay safe, they have to be difficult and long enough, changed frequently, and different for each account. Otherwise, you’re very likely to get hacked — 81% of data breaches are due to weak passwords. In 2016 alone, 3 billion of passwords were stolen — almost 100 every second, or over 8 million per day.
Currently, an average person manages anywhere from 40 to 200 accounts, and that number is increasing every year. That’s a lot of passwords to remember — unless you use a password manager. Now, most devices and browsers have built-in managers to help with the annoyance of passwords. But are they safe? And if so, which one should you choose?
Wide variety to choose from. There are quite a few built-in password managers currently available. To name a few: Chrome Password Manager, Firefox Lockbox Password Manager, iCloud Keychain, Credential Manager for Microsoft Edge.
Better than reusing passwords. It’s safer to use a built-in manager than use one generic password on all accounts. With a manager, you don’t have to remember all of them so you can come up with more complicated combinations. You also don’t have to write them down anywhere. That makes it safer.
Free of charge. Built-in password managers usually come as add-ons. Services like internet browsers or computer operating systems offer them free of charge. You don’t even have to install them, so you get all the convenience without paying a cent.
Convenience. The best thing about a built-in password manager — it doesn’t ask you to do much. Since it’s integrated with the web browser or your device, no additional setup is required. You just type in your login information, and it’s automatically saved. Next time you're back on the same website, all your credentials are already typed in.
All this sounds really attractive, right? But before you trust built-in managers with your sensitive information, there are a few things to take into consideration. The easiest choice is not always the best one.
Security is not their primary concern. Browser password managers can do a lot to keep your password safe, but security always comes second to the other functions they provide. These features exist to make your life easier, not safer.
Easily hacked. Another thing to keep in mind is that browsers are easy to hack. Firefox’s Master Password feature can reportedly be cracked in 1 minute. Meanwhile, Apple’s iOS 13 beta bug apparently lets strangers bypass your iCloud Keychain password with ease.
Lack of information. Other managers provide very little information about their security measures. Chrome Password manager claims to encrypt your credentials, but doesn’t give any specifics about the encryption itself. Microsoft Edge's Password Manager is also quite tight-lipped about its encryption, so you need to have a bit of blind faith when using them.
The security practices of saving and storing your passwords. Chrome Password Manager saves and stores your passwords in your Google account. Once logged in, all your usernames and passwords are visible. It means that if someone hacks your Google account, they’ll have access to all others.
That is not to say that you should stop using built-in managers altogether. It’s still better than using the same password on all of your accounts. However, experts claim the best choice is to use a dedicated online password manager. Dedicated managers encrypt your saved logins and secure them with one master password. It’ll be the only one you need to remember.