Is it security wise for one's own computer to save password for you?
February 15, 2023 1:57 PM Subscribe
There is a box in the sign in page in some emails (not Gmail though) that asks if you want to have it saved for you. In case it is stolen, would the thief find out the password?
Best answer: So it is hard to say more without specifics but generally this means you are instructing the web site to set a cookie for the site that would allow the site to automatically log you in the next time you visit the site. What is in the cookie is up to the people creating the web site. It would be poor form to store the password directly. Better would be to store a complex authentication token. You as a normal web user have no reasonable ability to know what a web site developer chose to do.
In either case, someone stealing your computer can become you when they visit the web site even if they can't directly determine your password. This is why phones and traditional computing devices support fully encrypting the storage to make this a harder thing for an adversary to do.
posted by mmascolino at 2:39 PM on February 15, 2023 [1 favorite]
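The "complex authentication token" design mentioned in the answer above, sketched from the site's side as an added example that is not part of the original thread or any particular site's code. The in-memory `TOKENS` store, the 30-day lifetime, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical in-memory store standing in for the site's database:
# selector -> (sha256 of validator, user, expiry timestamp)
TOKENS = {}
LIFETIME = 30 * 24 * 3600  # 30 days, an assumed policy


def _digest(validator):
    return hashlib.sha256(validator.encode()).hexdigest()


def issue_cookie(user, now=None):
    """Create a remember-me cookie value; the password is never involved."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(12)   # lookup key, not secret
    validator = secrets.token_urlsafe(32)  # the random, secret half
    # Only a hash of the validator is kept server-side.
    TOKENS[selector] = (_digest(validator), user, now + LIFETIME)
    return f"{selector}:{validator}"


def login_with_cookie(cookie, now=None):
    """Return (user, replacement_cookie), or (None, None) if rejected."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie.partition(":")
    record = TOKENS.get(selector)
    if not sep or record is None:
        return None, None
    stored_digest, user, expires = record
    # Single use: drop the record whether or not the check passes.
    del TOKENS[selector]
    if now > expires:
        return None, None
    if not hmac.compare_digest(stored_digest, _digest(validator)):
        return None, None
    return user, issue_cookie(user, now)


def revoke_all(user):
    """Server-side invalidation, e.g. after a device is lost."""
    for sel in [s for s, (_, u, _) in TOKENS.items() if u == user]:
        del TOKENS[sel]
```

Whoever holds the cookie is still logged in as the user until it expires or is revoked, but the cookie reveals nothing about the password and the site can cancel it without a password change.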
Best answer: Yeah, it's hard to answer this question without knowing the specific context.
If the website has a checkbox like "remember me on this computer", that means it stores a login cookie on your computer in a way that stays around even after you close the browser window. This login cookie doesn't typically include your password (as mmascolino has mentioned).
If your browser is asking you to "save this password", it depends on the browser. I believe Chrome, by default, doesn't encrypt passwords, so anyone with access to your computer can read them. Safari stores passwords in the system keychain, which is encrypted, so you need to decrypt the keychain (using your phone passcode or login password) to read them. I'm not sure what Firefox or Edge do.
posted by panic at 3:31 PM on February 15, 2023 [2 favorites]
Best answer: This kinda boils down to a question of "what can someone with physical access to your computer get to". Recent versions of Windows, MacOS, and Linux at least offer the option of encrypting your local storage, if not mandating it. Assorted Apple hardware is even making it difficult to wipe and reinstall on, making the used markets for recent Apple hardware difficult to navigate, but making them less attractive theft targets.
So if that's the case on your computer, then your passwords are as safe as your mechanism for logging on to your computer (and, if your browser or password manager has its own authentication, that layer as well).
posted by straw at 6:36 PM on February 15, 2023
Best answer: I log on to my computer with a password. The end. I log into programs, on the web, so, email is not an app on my computer, nor Facebook, any of them. My passwords are elsewhere, hand written. Hand entered as I create them. Certain things I only do on my home computer, other, more mundane, social media etc, I can do on my phone, but I never switch out to read the papers on their app, or don't keep email open anywhere. There is not a guest log on option on my computer. There is only one password in my computer, that is the logon password.
posted by Oyéah at 7:10 PM on February 15, 2023
Best answer: "I'm not sure what Firefox or Edge do."
Firefox asks you to create a master password for the stored password list, and requests that password each time FF is started, or when you want to see any of the stored passwords in plain text.
"If passwords are stored on paper, then someone could copy the paper without being noticed, or you could lose the paper."
That again depends on where that paper is stored, and how obvious it is how each of those entries relates to a particular account. For some people just writing down a password, or an entry code or something is enough to anchor it in their memory, and that paper can then be put between the pages of an innocuous book to be looked at again only rarely. And the advantage of paper is that it's impossible to get to via remote access to your computer.
For certain tasks on my work laptop I have the 'problematic' passwords printed as barcodes, with a barcode reader providing keyboard input, but even if someone got hold of that AND the laptop, it's not clear offhand what password is to be used where, and one call to Support, which I would need to do if the laptop goes walkies anyway, will just block those accounts. That paper, of course is NOT in my laptop bag when commuting to the office. ('problematic' as in, for some tasks one of those passwords needs to be entered 15 times in short succession, and they're >20 chars with 'sufficient complexity')
posted by Stoneshop at 3:16 AM on February 16, 2023 [1 favorite]
This thread is closed to new comments.
posted by Phssthpok at 2:36 PM on February 15, 2023 [5 favorites]