affordableCebu
Home » Questions » Computers [ Ask a new question ]

Should I let my browser or the site remember my password, or neither?

Should I let my browser or the site remember my password, or neither?

What are the security implications of letting a web browser remember log-in information for me? Should I let a browser remember, like Firefox or Chrome, or should I let the site remember?

Asked by: Guest | Views: 286
Total answers/comments: 5
Guest [Entry]

"On my personal computers I will allow my web browser to remember my passwords, but that is because they are mine and nobody else will ever touch them (unless they break into my house and steal all my stuff, and then I have bigger things to worry about).

For public computers or work computers I would definitely choose neither, especially if you are working on a shared system."
Guest [Entry]

"With a browser remembered password you are open to at least two problems:

Others using your browser and getting your access
Malware picking up your password from the browser (limited to the browser vulnerabilities)

With a 'site remembered' password, you have a cookie placed in your browser by the site.
This is also unsafe (depending on the level of your paranoia):

Same problem as before, anyone accessing the browser from your login has access
Cookies can also be 'stolen' or miss-used

Always derive your paranoia based on the sensitivity of the password.
Your gmail password (just) might be safer to loose then your bank password."
Guest [Entry]

"Personally, I think they are both as 'bad' as each other.

""Remember me"" is slightly better because it isn't actually storing your password (or a representation of your password), but it is a token that represents you and, if the cookie is stolen, a malicious user could use that to log in as you without knowing your password."
Guest [Entry]

"In general terms the former is better.

The ""remember me"" approach in the sites usually leaves a cookie in your browser.

The ""remember my password"" in the browser stores it in a internal database.

If your are using intensively an application I would use the browser approach.

If you don't use intensively an application and extra security is needed ( like your back account ) use neither and type it always ( and make sure you use a hard password instead of a common one )

I like Google Chrome which always remember your user id, but not the password. That way I have to type less.

Plus, who knows when your wife is going to try to log on in that ""friend"" site ;)"
Guest [Entry]

"I feel it even depends on what's more secure: your computer or your connection. If the site is to remember you, then a cookie is set, which is sent back for each request. When having your password remembered (and when typing it yourself) then it's only transmitted while you're logging in...

(Sites that actually temporarily use HTTPS or some hashing to send your password, should not allow for ""remember me"" to start with, I think.)

But, like many suggested: differences are minor. And if you use the same password on many sites, then you probably care less about the cookie than about the actual password.

I'm sure the most secure option is to type my log-in details in every time

Unless you've got some key logger running. ;-)"