2

Is it more secure to allow the browser to save a website password or prohibit the browser from saving the password? Based on the opposing benefits that came to mind, it seems like it is more secure to allow the browser to save the password in most situations. Am I missing any benefits?

    Benefits of allow the browser to save the password:
  1. Spoof websites are more easily detected because the username and password don't show up (this may be a mute point if the username is saved but not the password).
  2. Keyloggers won't pick up the password if you don't type it. (Thanks to Thrawn)
  3. People will be less likely to keep the password in an obvious place (i.e. sticky note)
    Benefits of prohibiting the browser from saving the password:
  1. Stops someone with access to your computer from accessing the passwords (the level of access needed can vary based on how the passwords are stored).
Community
  • 1
  • 1
James A. N. Stauffer
  • 2,581
  • 3
  • 21
  • 31

1 Answers1

1
  • Spoof websites are more easily detected because the username and password don't show up (this may be a mute point if the username is saved but not the password).

Is this true for sites that have been dns hijacked?

  • Keyloggers won't pick up the password if you don't type it.

If a computer is vulnerable enough to be keylogged, it can simply upload the password containing file.

  • People will be less likely to keep the password in an obvious place

People will do stupid things regardless of what steps you take to prevent it.

The most secure method is preventing saving the password. However annoying it may be to retype it every time.

John
  • 5,001
  • 3
  • 32
  • 60