Share browsers without sharing their stored passwords

Topic

New Reply

ISSUE 18.37 • 2021-09-27 LANGALIST By Fred Langa Browser-based password managers have an obvious vulnerability on shared PCs: anyone with access to th
[See the full post at: Share browsers without sharing their stored passwords]

2 users thanked author for this post.

lmacri, Will Fastie

Reply | Quote

Replies

My own preference is to use a password program that is not linked to the browser.  I’ve used Password Safe since it first came out and it works fine.  There is a portable version for Android that resides on my phone so I have access to the same passwords for various apps there.  Is it a bit more cumbersome than a browser linked approach?  Yes it is.  One has to open the program, enter the master password and navigate to the password link.  It takes maybe an extra 20 to 30 seconds.  You can also have multiple databases of passwords linked to the program if you need to.

Reply | Quote

The email title in my inbox says Ask Woody Plus. When I opened it, I received the Free edition instead.

I’m a paid member up through January 11, 2022. How do I get the paid edition actually sent?

I erased my email address so you can see what was sent and what was received don’t match.

Link or graphic refuses to paste here. I tried a few different ways and I can’t get it to show.

 

 

Got coffee?

Reply | Quote

My Plus membership expires on the same date, but I didn’t receive any email newsletter today.

Windows 11 Pro version 22H2 build 22621.1483 + Microsoft 365 + Edge

Reply | Quote

Mine didn’t come by email today either. My Plus Membership is current.

Reply | Quote

https://www.askwoody.com/2021/missing-your-plus-newsletter/

Clearly we need more coffee.  Got a ticket open with mailchimp to see what’s going on.  As soon as it’s fixed, we’ll resend the newsletter.

Susan Bradley Patch Lady

Reply | Quote

For Ax Kramer, Fred’s article gives the correct Microsoft directions for a tightly run environment like the ideal office setting. For any busy household with that one adequate laptop that anyone and their uninvited friend that tagged along for the afternoon and is now flopped on the couch, bored, idly scrolling down the browser history list wishing there was just something to do; yeah, you’ve got a problem. You neither bother to log out as a habit, nor expect every literate user in the house to log in with their own credentials.

My solution, for my house, was to take back my adequate laptop and purchase the current $300-400 Chrome device for all grab-and-use-for-the-moment purposes. That device still has all passwords for entertainment tasks in the browser folders. But none of the credentials for actual secure tasks has ever been input on that device; because no secure tasks happen on that device. And I do not allow browser saved passwords on my adequate laptop anyway. The rest of the house thought this was a great idea.

You do not often sleep in the kitchen, or make sandwiches in the bathroom. Compartmentalize your online tasks appropriately.

Reply | Quote

Fred Langa wrote:

Browser-based password managers have an obvious vulnerability on shared PCs: anyone with access to the browser might also have access to all its stored passwords!
…
How do I prevent anyone else in the family who has access to my computer and starts up Edge from accessing sites with my saved passwords?

There’s a much easier answer to this question than requiring each family member to sign in and out to/from Windows with a separate Microsoft account for every use, but which is also much more secure than just switching profiles within Edge:

Edge Settings, Passwords, Sign in: With device password
“If this is selected, you’ll need to enter your device password before we autofill your password on a website.”

This setting prevents a casual user from being able to use or view passwords saved within Edge, by requiring authorization via the Windows password, PIN, face or fingerprint.

Added privacy for your saved passwords If you are using a device you share with others or have left your computer unlocked for whatever reason, you can now opt for a second verification using your device password to avoid others getting access to your website passwords. Simple!
Release notes for Microsoft Edge Stable Channel — Version 92.0.902.55: July 22

Microsoft Edge stores your passwords securely encrypted on your hard disk. However, someone else with access to your computer may be able to sign into your accounts using your stored passwords with autofill.

This new update for Microsoft Edge gives you the option to enable a setting that requires you to authenticate yourself using your device credentials before you can use the saved password to autofill for a website.

Additional privacy for your saved passwords

Windows 11 Pro version 22H2 build 22621.1483 + Microsoft 365 + Edge

Reply | Quote