Saving a password in a browser might seem like a bad idea from a security perspective. But not really. For certain types of malware, saving a password in a browser could actually be a security measure. Very specifically, it can add a layer of security against keyloggers. This article explains what keyloggers are, and how saving your password in your browser could protect you against them.
What Is A Keylogger?
A keylogger is a type of virus or malware that logs your keystrokes every time you type keys on your computer keyboard. Some of the more intelligent keyloggers can even grab screenshots of your computer while you browse. All of this is done behind the scenes without your knowledge.
So for example, while shopping online, you are required to enter your personal and financial details like your name, home address, billing adrress, email, phone number, credit card details, etc. Some online stores even suggest that you sign up so you can save this information in your profile and not have to manually enter it each time. If a hacker has managed to load a keylogger onto your machine before you start your online shopping session, the keylogger will track every keystroke you type including the URL of the eCommerce store you’re shopping at. All of this information is then sent via your internet connection (without your knowledge of course) to the private email address or server of the hacker or identity thief. Now someone you’ve never met can go shopping with your money!
How Saving Your Password In Your Browser Can Protect You
You’re probably familiar with this pop-up from Google Chrome browser:
Whenever you enter a password in a new site, this pops up asking you to save your details so that the browser will auto-populate it next time. Different browsers show it differently, but all popular browsers have this feature.
If you generally don’t share your computer, I recommend that you go ahead and save your password in your browser. Here’s why?
Let’s say you choose to save the username and password for your online shopping store in your browser. Or let’s just say you have the auto-complete feature on. Whenever you need to type your details in your online shopping store, you will either just type your username and let the browser auto-populate the password or if you’re actually entering your credit card info, you only need to type some characters and your browser will auto-fill the rest for you (or prompt you to select from stored information as the case may be). Since keyloggers only have access to typed information, the hacker will only know the URL of the page and the few keys you typed before the auto-complete happened. Even keyloggers that take screenshots intermittently cannot decipher an auto-populated password because passwords are generally masked when typed into forms. So since your information never really got typed, the keylogging attack will be neutralized.
Pros And Cons Of This Advice
Note however, that there are pros and cons to storing your information in your browser. One disadvantage is that the information stored in your browser might sometimes be accessible from your machine’s hard disk. It can be argued that if a hacker manages to get access to your computer, then saving your passwords in a browser as a means of thwarting keylogging attacks is useless. Since the attacker already has access to your machine, it is argued that the malware can be used to send saved browser data to the attacker.
A counter argument could be that information saved in a browser are not necessarily saved to the local computer. If you’re familiar with how Google Chrome works between multiple devices when you’re signed in, you may see my point.
In any case, it makes sense to carefully weigh the pros and cons. Don’t indiscriminately install browser extensions. If you’re generally a careful person online, this technique could be useful if you unfortunately become the target of a keylogging attack.
Anti-virus software also provides good protection against keyloggers. Don’t underestimate them no matter how old-school they may seem. Virus creators and nefarious hackers will continue to come up with techniques to try to beat anti-virus programs. Anti-virus companies will continue to improve their software. It’s a never-ending game. Storing at least some information in your browser can protect you from keyloggers. At least the information you choose to store is something you can control.