Your browser wants to manage your passwords. This feature can make browsing more seamless or respond to the popularity of password managers. But how secure are your browser’s built-in password management tools? The answer lies in encryption and security options.
Google Chrome and Safari have robust password management tools, including encryption that uses AES, a gold standard for security. However, using a commercial, third-party password manager is still more secure due to zero-knowledge encryption.
Even with better security measures, the goal of browser-based password managers is to get people using them. The challenge lies in finding the right balance between ease of use and security. Google’s focus on reducing “friction” has led to the option to turn on Windows Hello or biometric authentication, but this setting is turned off by default.
Storing passwords in a third-party manager offers additional protection against account takeovers and data breaches. Features like multi-factor authentication (MFA) and device-bound authentication methods increase security. Commercial password managers also come with more features and functionality, such as email aliases, travel modes, and self-hosted options.
In conclusion, using your browser’s password manager is better than not using one at all. However, for those who want a bit of friction for better security, a third-party password manager is the way to go.
Source: https://www.wired.com/story/browser-password-managers