What are the security implications of team members also saving passwords on their browsers?

DonGordon
DonGordon
Community Member

Many team members including myself have saved a variety of passwords through our own browsers. As we migrate the team to 1Paswword this seems like a potential security issue. Does local browser saving of a password constitute a security risk? If so, what can we do to mitigate this risk?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:what are the security implications of team members also saving passwords on their browsers?

Comments

  • Hi @DonGordon

    Thanks for taking the time to write in. It does become a 'lowest common denominator' situation. The security of 1Password is greater than that of most browser-based password managers, and so an attacker is more likely to try there first. Additionally as you change passwords and update them in 1Password, but presumably not in the browser, you'll have an issue of incongruous data, which is likely to be frustrating. We recommend turning off the browser's built-in password manager:

    Turn off the built-in password manager in your browser

    Ben

  • DonGordon
    DonGordon
    Community Member

    Thanks Ben, very helpful. A supplementary question: Once I have everyone migrated to 1Password I'm planning to change all the passwords in the vaults(at least all the sensitive ones). I believe that when I do so I can use 1password to generate strong new passwords. It is my understanding that any team member using 1Password to sign into those sites would be accessing the revised password and in effect would notice nothing different.

  • Yes indeed. :) This guide may be handy when the time comes:

    Change your passwords and make them stronger

    Ben

This discussion has been closed.