from the security-vs-convenience dept.
RedLine malware shows why passwords shouldn't be saved in browsers:
The RedLine information-stealing malware targets popular web browsers such as Chrome, Edge, and Opera, demonstrating why storing your passwords in browsers is a bad idea.
This malware is a commodity information-stealer that can be purchased for roughly $200 on cyber-crime forums and be deployed without requiring much knowledge or effort.
However, a new report by AhnLab ASEC warns that the convenience of using the auto-login feature on web browsers is becoming a substantial security problem affecting both organizations and individuals.
[...] Using your web browser to store your login credentials is tempting and convenient, but doing so is risky even without malware infections.
By doing so, a local or remote actor with access to your machine could steal all your passwords in a matter of minutes.
Instead, it would be best to use a dedicated password manager that stores everything in an encrypted vault and requests the master password to unlock it.
Moreover, you should configure specific rules for sensitive websites such as e-banking portals or corporate asset webpages, requiring manual credential input.
Finally, activate multi-factor authentication wherever this is available, as this additional step can save you from account take-over incidents even if your credentials have been compromised.
(Score: 2) by choose another one on Wednesday December 29, @11:58PM
Right here:
Such an actor can access browser files, as you, whoop dee doo. They can also access "dedicated password manager" files (as you), run a keylogger (as you) and have all your "dedicated password manager" stored passwords the second you retrieve one of them with the passphrase. This is better? - well for certain values of "better" which may or may not depend on whether you have connections to selling password managers...
Solution: make sure a local or remote actor _doesn't_ have access to your machine, or use 2FA and make sure they don't have access to second factor.