British Government Advice Threatens Your Cyber Security

The UK Governments National Cyber Security Centre (NCSC) is recommending that you save your password in your browser.  We don't recommend it. Internet browsers have the ability to save passwords but they are typically kept in a non-encrypted, plain text format.  

It is strongly recommended that you do not use your browsers password saving feature, as this is not a secure password manager.

If a web browser like Chrome, Firefox, or Safari are allowed to store passwords, you're putting your network security severely at risk.For instance: Chrome saves your passwords in your Google account. Once logged into your account, all your passwords are visible. 

This means that if your account is hacked, the hacker has access to all your other accounts.

Passwords have been used as a safeguard against others obtaining information throughout history. The less people who know a passcode or phrase, the more secure the information becomes and the less likely it will ever turn into public knowledge. With the advent of the Internet, and the ability to store everything online, you might think your information is secure. However, there are people out there who want nothing more than to still gain access to the information you hold most private.  

Even if you have your password in a secure location online, almost any site can be hacked into and your information which you thought was secure is no longer protected.

Virtually everybody today has a username and password. We are required to provide them to log on to popular online services, including social media, online stores and streaming services. By default, browsers will ask you if you want to save passwords to save you the trouble of typing them again. But do you let your browser remember your passwords and automatically fill them in for you every time you sign into an online account because if you do you could be headed for real trouble.

If your computer or mobile device is ever lost or stolen, whoever ends up with possession of it will have immediate and complete access to any online accounts that you have allowed your browser to store the passwords for. The UK NCSC says on their website ‘Using the same passwords for all your accounts makes you vulnerable, if that one password is stolen all your accounts can be accessed....It’s good practice to use different passwords for the accounts you care most about...Of course, remembering lots of passwords can be difficult, but if you save them in your browser then you don’t have to...Online service providers are constantly updating their software to keep sensitive personal data secure, so store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password.’

Passwords. They are the bane of so many users' existence, yet they're one of the only ways we have to secure our accounts, and those accounts are frequently compromised.

Yes, it's convenient. and who wants to type a password every single time it's requested? When you make use of a large number of online services, typing a password each time you use said service can disrupt your productivity. And when those passwords are incredibly complex, such that you must use a password manager, efficiency goes out the window. However, this is not a secure way forward.

The Basics 
Despite being constantly warned, users still insist on passwords like 12345 or ‘password’ for a password.  Even when those users employ incredibly complex passwords, there is still a pitfall in the way of enjoying a truly safe networking experience. This pitfall is when a web browser is allowed to store passwords.

The password saving option can be very helpful if you set different robust passwords for each service. But the truth is that browsers save these passwords in a plain text list which, in many cases, is not even encrypted. This means that anybody with access to your computer, co-workers, relatives, or anyone that lays hand on your computer, will be able to access these passwords from the browser’s own settings menu.

Do not use your browser password saving feature. One of the best and most secure ways of protecting a password is writing down your password offline., Your password should be something which you will know right away, but you make it very difficult for someone else to figure out in case it ever falls into the wrong hands.

You should never keep just one copy of this list. You should secure a second list some-where, in case this list ever does get lost. For obvious reasons, they should not be kept in the same exact location, but only you and maybe a loved one should know where it is.  The less people who know the passcode and where to find it, the more secure it will be.

NCSC:        StaySmartOnline:     BBVA:     TechRepublic:     University of Minnesota:   

RicksDailyTips     WigglyWisdom:

You Might Also Read:

Stay Cyber-Secure Working From Home:

 

 

 

 

 

« Lockdown Security Apathy Could Be A Big Risk
Hackers Attack Israel’s Water Infrastructure »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

SCIS Security

SCIS Security

SCIS Security provides affordable cyber security services and solutions to small to medium sized businesses and homes.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

Network Utilities (NetUtils)

Network Utilities (NetUtils)

Network Utilities provide identity centric network and security solutions to organisations from Telecoms and ISPs to SMEs and large corporates.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

Securosys

Securosys

Securosys is a technology company dedicated to securing data and communications. We develop, produce, and distribute hardware, software and services that protect and verify data and their transmission

Aryaka

Aryaka

Aryaka’s SmartServices offer connectivity, application acceleration, security, cloud networking and insights leveraging global orchestration and provisioning.

NCC-CSIRT (Nigerian Communications Commission)

NCC-CSIRT (Nigerian Communications Commission)

NCC has established a CSIRT for the telecommunication industry to provide services and support for the prevention and management of potential cyber security related emergencies.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

Saudi Information Technology Company (SITE)

Saudi Information Technology Company (SITE)

SITE is a forward-thinking enterprise, which aims at revitalizing Saudi Arabia’s digital infrastructure, cybersecurity, software development, and big data and analytics capabilities.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.

Eclypses

Eclypses

Eclypses has a disrupting cyber technology, offering organizations an advanced data security solution called MicroToken Exchange (MTE).

Novera

Novera

Novera offer security assessment and advisory services to help businesses manage risks from AI, cyber and privacy.