You Still Shouldn’t Use a Browser Password Manager
By default, Google manages your encryption key, but it lets you configure on-device encryption, which works similarly to a zero-knowledge architecture: your passwords are encrypted on your device before they are saved, and you hold the key. Either way, Google uses AES, which remains the gold standard among password managers.
Previously, it was simple to crack Chrome passwords, requiring little more than a Python script and knowledge of where the files are stored. Here too Google has raised the bar: application-based encryption has invalidated those methods, and recovering the passwords is much more complex than before. Google has also integrated Windows Hello. If you want, you can have Windows Hello protect your passwords every time you sign in by asking for your PIN or biometric authentication.
Other browsers are not as secure. Firefox, for example, clearly states that even though passwords saved in Firefox are encrypted, “anyone who has access to your computer’s user profile can still see or use them.” Brave works the same way, although I suspect most Brave users already use a third-party password manager (and probably a VPN).
Either way, it’s better to store your passwords, even in a less secure browser like Firefox, than not to use a password manager at all. And the market-leading browsers, Chrome and Safari, have significantly improved their security practices in recent years. The problem isn’t encryption: it’s putting all your eggs in one basket.
Let’s talk OpSec
OpSec, or operational security, is normally a term used to talk about sensitive data within government or private organizations, but you can look at your own security from an OpSec perspective. If you were an attacker and wanted to recover someone’s passwords, how would you go about it? I know where I would look first.
Even with better security measures, the goal of a browser-based password manager is to get people to use a password manager at all, and that goal has to be weighed against ease of use. In a blog post announcing changes to Google’s authentication methods ahead of Google I/O this year, the company mentions reducing “friction” seven times, while “encryption” isn’t mentioned at all. That’s not a bad thing, but it’s a testament to how these tools are designed.
You don’t need to parse the wording of a blog post to see this focus. Google gives you the option to require Windows Hello or biometric authentication with Google Password Manager, so that every time you want to fill a password you must authenticate first. This is arguably more secure than not authenticating every time, but the setting is disabled by default, because it creates friction.