One topic that is always sure to strike up a nerdy conversation is whether you should let your browser store your passwords. There is the obvious security risk of what happens when someone gets remote access to your computer or, even worse, physical access. We’ve seen plenty of utilities that are able to quickly extract anything that isn’t protected by a master password, but the bigger issue is that not all browsers (like IE) even support a master password.
So what do you do? One option, albeit not my personal favorite, is to not have the browser store the password at all. As one of our commenters pointed out, there is a good compromise in a situation like this, where you can get the convenience without forfeiting the security. The key is having the browser remember only part of the password, and then typing in the latter half of it manually. Here’s a better breakdown of how this works:
- Go to a website that requires you to log in.
- Enter in your username, and then in the password field enter in only part of the characters. For example, only enter 10 out of the 15 characters of your password.
- Submit the form, and the website should say the login failed (since you didn’t enter in your full password in the previous step). However, you should have still been prompted by the browser to save the password (like in the screenshot above). Go ahead and save it.
- The next time you have the browser autofill the username and password, all you have to do is type in the remaining 5 characters.
A good way to take advantage of something like this is to make the part the browser remembers extremely hard to guess. You should use letters, numbers, and special characters for that portion, since it’s only the tail end of the password that you actually have to remember. Here’s an example:
My username: cybernetnews
My full password: 8^leU-4T_cybernet
Have the browser save this part: 8^leU-4T_
All I have to type in at the end is: cybernet
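
An added example, not part of the original post: a Python sketch that scores a split like the one above on the assumption that the browser-stored part has already been extracted, so only the typed part is still secret. The function names and the 8-character minimum are assumptions made for illustration.

```python
import math
import string

# Character classes used to estimate the alphabet a guesser has to cover.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def brute_force_bits(text):
    """Upper bound on guessing cost in bits: length * log2(alphabet size)."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in text))
    return len(text) * math.log2(size) if size else 0.0


def assess_split(username, stored, typed, min_len=8):
    """Score a split password, treating the stored part as already known.

    min_len is an assumed threshold for this example, not a value from the post.
    """
    findings = []
    low_user, low_typed = username.lower(), typed.lower()
    # A typed part that overlaps the username needs no brute force to guess.
    if low_typed and (low_typed in low_user or low_user in low_typed):
        findings.append("typed part overlaps the username")
    if len(typed) < min_len:
        findings.append("typed part is shorter than %d characters" % min_len)
    return {
        "full_bits": round(brute_force_bits(stored + typed), 1),
        # Only the typed part protects the account once the stored part leaks.
        "residual_bits": round(brute_force_bits(typed), 1),
        "findings": findings,
    }


if __name__ == "__main__":
    # The split from the post, then a constructed split with a random typed part.
    print(assess_split("cybernetnews", "8^leU-4T_", "cybernet"))
    print(assess_split("alice", "8^leU-4T_", "T7#qv9!Lm2"))
```

The bit figures are brute-force upper bounds; a typed part that draws a finding is weaker than its number suggests.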
Unfortunately, this solution doesn’t actually work in Chrome, since it doesn’t prompt you to save a password until it knows the login went through successfully, but it does work just fine in Firefox and Internet Explorer. Since Firefox already supports using a master password, I’d say this is less important there, but it’s more useful in IE since your passwords are always up for grabs with very little work.
A big thanks to mOrloff for the tip!