
The Risks of Using a Browser Password Manager

Originally published:|Dashlane

When it comes to passwords, having a long, randomized string of characters isn’t enough. Where to store passwords also plays a role in their security and privacy. Browser password managers are a popular option for many individuals and small-business employees looking to practice basic password safety, easily storing strong passwords for every account. However, browser password managers are rarely your best option.

What’s a browser password manager, and how does it work?

Most web browsers include a password manager, whether it’s Google Chrome, Mozilla Firefox, Opera, Safari, or Microsoft Edge. Users tend to gravitate towards browser password managers because they require little to no setup. As soon as you sign up or sign in to an account, most browsers offer a pop-up asking whether you’d like the browser to save your logins for you.

Built-in browser password managers usually come with an autofill function. When you navigate to a familiar website’s login page, the browser automatically fills in your username and password. That way, you’re only one click away from signing in.

However, that same simplicity can also be a detriment. Browsers tend to offer the most bare-bones functionality of a password manager. Your credentials are also typically only protected by the same email and password combination of your browser account, and browsers also might not sync your credentials across multiple devices. Let’s take a closer look at some of these drawbacks.


7 drawbacks of a browser password manager

Despite the surface-level convenience of browser password managers, there are many reasons why security-conscious individuals and businesses opt for alternative solutions.

There are several drawbacks and risks to using your everyday browser as a password manager:

  1. Lack of built-in security and encryption

A browser’s job is to allow you to surf the web, and many don’t offer a zero-knowledge architecture that would maintain the privacy of your data, including passwords. Thus, you never truly know what the organizations that own the browsers will do with your sensitive data. Also, many browsers’ business models rely on data collection and user tracking, which conflicts with ensuring user privacy.

Furthermore, many browsers are vulnerable to malware attacks through phishing schemes, and hackers usually target them due to the lack of an active security team and the thousands of people using them for their logins. Unverified browser extensions and add-ons can even add JavaScript to specific web pages and read their contents, allowing them to outright steal your passwords.

  2. Physical access through your device

If you lend anyone your mobile device or desktop, or it gets stolen, that person can easily navigate to the password repository in your browser and gain access to all your credentials. Simply having a passcode on your device isn’t enough to deter all attempts, as it’s easy for a skilled individual to export your logins or install keylogger spyware without you noticing.

  3. Poor cross-platform compatibility

While the functionality may exist for your browser password manager to sync across multiple devices, there’s no cross-platform compatibility—which means you’re confined to using the same browser. For example, you can’t access Safari passwords on an Android or Windows device.

Even within the same platform, the syncing itself isn’t always reliable, and new logins don’t always immediately show up on all your connected devices. This can be particularly frustrating if you’re constantly switching between devices for specific apps and websites, or if you have a spotty internet connection.

  4. Limited cross-application functionality

A browser password manager only has access to the sites and web apps loaded through it. You can’t as easily use it to store passwords from desktop apps and dedicated software. It’s the same on a mobile phone. You’d need to manually copy and paste your passwords to and from the browser every single time you log in.

  5. No secure sharing feature

Browsers make it very difficult to securely share passwords, whether it’s sharing logins with your friends and family or needing to grant a colleague access to an account. Without a dedicated password-sharing function, you’d have no choice but to send passwords over unsecured channels, like email or messaging apps, such as Slack and WhatsApp.

  6. Difficult for admins to manage

For admins in the business setting, managing browser-based passwords is incredibly difficult. They have no efficient way of implementing changes when an employee joins or leaves the team. Also, if everyone is saving logins to their personal browser, admins can’t monitor which apps and websites the employees have up-to-date access credentials to.

  7. Increased risk of data breaches

Web browsers are often in the news for data breaches that target their built-in password managers. Furthermore, you’d have no way of knowing whether your passwords were included in a breach or leak until the company reports on it, and by then, a malicious individual could have already used your data to access and take over some of your accounts, whether it’s your bank or your organization’s social media.

Alternatives to browser password managers

Native password managers aren’t your only option for password management. There are many purpose-built alternatives depending on your everyday needs and technical experience.

Browser extension

Unlike the browsers themselves, password manager browser extensions are specifically designed to keep your passwords safe. They operate similarly to built-in password managers, requiring little intervention after the initial setup, but they offer more security features.

Password manager extensions, like the Dashlane browser extension, include all the necessary functionality and security measures of an external password manager—encryption, cross-device syncing, secure sharing, and more—without sacrificing the convenience of a browser-based solution.

Apps

For employees who conduct the majority of daily work on a single company-provided smartphone or tablet, a mobile app password manager might be the best option. For those who use multiple devices, a web app is a more versatile alternative. In either case, the app runs in the background and takes care of saving and autofilling your passwords as needed across multiple apps and websites.

Local software

Local password manager software is one of the most secure ways to store passwords offline. It works like a dedicated password manager, but it stores your credentials locally on your device, instead of the cloud or an external piece of hardware.

By keeping your logins offline, you minimize the risk of a data breach or malware. However, you may need to manually sync your passwords across devices, and you lose access if your device is lost, stolen, or simply needs to be charged.

Stateless

A stateless or token-based password manager is another one of the best ways to store passwords offline, particularly for employees. It uses an external device, such as a USB stick or NFC (Near-Field Communication) dongle, to access your accounts. Since your passwords are regenerated at every login, the risk of a web-based data breach or malware is lower. However, you must have the device with you to access your accounts, which is inconvenient if it’s misplaced or broken.
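
How a stateless manager can regenerate a password on demand instead of storing it, shown as an added example that is not from the original article or from any product. The function name, the PBKDF2 iteration count, the alphabet, and the sample inputs are assumptions for illustration, and `master_secret` stands in for the secret held on the external device.

```python
import hashlib
import hmac
import string

# Assumed parameters for this illustration; not any product's actual scheme.
PBKDF2_ITERATIONS = 200_000
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"


def derive_site_password(master_secret: bytes, site: str, login: str,
                         counter: int = 1, length: int = 20) -> str:
    """Recompute a site password from the same inputs; nothing is stored."""
    if length < 12:
        raise ValueError("refusing to derive a password shorter than 12 characters")

    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (site.lower().encode(), login.encode(), str(counter).encode())
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)

    # Slow key derivation raises the cost of guessing the master secret
    # from one leaked site password.
    key = hashlib.pbkdf2_hmac("sha256", master_secret, salt, PBKDF2_ITERATIONS)

    # Expand the key with HMAC in counter mode and map bytes to characters.
    # Bytes at or above `limit` are rejected to avoid modulo bias.
    limit = 256 - (256 % len(ALPHABET))
    chars = []
    block = 0
    while len(chars) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in stream:
            if b < limit and len(chars) < length:
                chars.append(ALPHABET[b % len(ALPHABET)])
        block += 1
    return "".join(chars)


if __name__ == "__main__":
    secret = b"constructed-device-secret"  # constructed sample value
    print(derive_site_password(secret, "example.com", "alice"))
    # Bumping the counter rotates the password without storing any state.
    print(derive_site_password(secret, "example.com", "alice", counter=2))
```

Because the output depends only on the inputs, losing the device secret means losing every derived password, which is the availability trade-off the paragraph above describes.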

What to look for in a secure password manager

When asking yourself, “Are password managers safe?” the answer depends on the password manager’s security protocols and functionality. For the most robust solution, look for the following features:

  • Autofill: The best password solutions automatically fill in your logins on websites, software, and apps, without you needing to manually copy and paste them.
  • Password generator: Using random passwords with a unique mix of special characters, letters, and numbers ensures your passwords are difficult to crack.
  • Cross-device syncing: When a password manager syncs password changes and updates across devices with little or no delay, it makes for a seamless experience.
  • Multi-platform support: When password managers work across platforms, you can use the same password manager on all your daily devices—desktop, tablet, and smartphone.
  • 2-factor authentication (2FA): Enabling 2FA on your accounts is a good security habit you should always practice. This adds a layer of security to your passwords, often through an OTP (one-time password) or a physical token.
  • Single sign-on (SSO): With SSO, a single password is sufficient to securely log in to multiple software and web apps. For businesses, this means employees can easily log into their password manager the same way they’re used to logging into other work accounts.
  • Zero-knowledge architecture: This security standard is important when it comes to sensitive data. In a password manager with a zero-knowledge architecture, no one—not even the company that owns the password manager—is able to access or read your passwords.
  • Encryption: Strong encryption is one of the most important features of password storage. Cryptographic algorithms are used behind the scenes for a password manager to ensure that only permitted individuals can decode and access the data. 
  • Account recovery: Many password managers have a way for users to regain access if they lose their master password, but some methods are more secure than others. More secure methods require initial setup on the user’s end—it’s important that it’s not too easy, otherwise bad actors can just as easily “recover” accounts.
  • Admin tools: Strong password managers should come with standard features for admins to make company collaboration easier. Features like password sharing, monitoring, and security alerts are all admin tools that make managing your passwords more efficient.

Convenience and security go hand-in-hand with Dashlane

With Dashlane, you don’t have to choose between convenience and security. User-friendly features such as autofill, SSO, cross-device syncing, and passwordless login make it easy to incorporate into your online routine, while admin security features like intuitive provisioning, Dark Web Monitoring, and Password Health scores safeguard your credentials. You can also rest assured knowing your credentials are encrypted and protected by zero-knowledge architecture so that nobody, including Dashlane, can access your private information.

With surveys showing 63% of people reuse old passwords and 61% of data breaches involve compromised credentials, there’s significant room for improvement in secure credential management. Learn the most effective ways to make security your top priority around the clock.

