Chrome and Edge to Beef-up Their Password Managers
We have always been advocates of password managers like LastPass and Roboform. Alas, we know most of you still don’t use one. But for all of you who don’t use a password manager, some good news is coming your way: Both Microsoft Edge and Google Chrome are beefing up their built-in password managers.
It’s increasingly important that you use strong passwords and never use the same password on more than one site. It’s also important that you change your passwords at least twice a year. A password manager makes it easier to create strong passwords and remember them.
The following article from Ars Tecnica is great reading if you’re interested in your security and you want to know more about the new, improved, built-in password managers in Edge and Chrome.
Chrome and Edge Want to Help Solve Your Password Problems
Dan Goodin, Ars Technica
If you’re like lots of people, someone has probably nagged you to use a password manager and you still haven’t heeded the advice. Now, Chrome and Edge are coming to the rescue with beefed-up password management built directly into the browsers.
Microsoft on Thursday announced a new password generator for the recently released Edge 88. People can use the generator when signing up for a new account or when changing an existing password. The generator provides a drop-down in the password field. Clicking on the candidate selects it as a password and saves it to a password manager built into the browser. People can then have the password pushed to their other devices using the Edge password sync feature.
As I’ve explained for years, the same things that make passwords memorable and easy to use are the same things that make them easy for others to guess. Password generators are among the safest sources of strong passwords. Rather than having to think up a password that’s truly unique and hard to guess, users can instead have a generator do it properly.
“Microsoft Edge offers a built-in strong password generator that you can use when signing up for a new account or when changing an existing password,” members of Microsoft’s Edge team wrote. “Just look for the browser-suggested password drop-down in the password field, and when selected, it will automatically save to the browser and sync across devices for easy future use.”
Edge 88 is also rolling out a feature called the Password Monitor. As the name suggests, it monitors saved passwords to make sure none of them are included in lists compiled from website compromises or phishing attacks. When turned on, the password monitor will alert users when a password matches lists published online.
Checking passwords in a secure way is a difficult task. The browser needs to be able to check a password against a large, always-changing list without sending sensitive information to Microsoft or information that could be sniffed by someone monitoring the connection between the user and Microsoft. In an accompanying post also published Thursday, Microsoft explained how exactly that’s done.
Not to be outdone, members of the Google Chrome team this week unveiled password protections of their own. Chief among them is a fuller-featured password manager that’s built into the browser.
“Chrome can already prompt you to update your saved passwords when you log in to websites,” Chrome team members wrote. “However, you may want to update multiple usernames and passwords easily, in one convenient place. That’s why starting in Chrome 88, you can manage all of your passwords even faster and easier in Chrome Settings on desktop and iOS (Chrome’s Android app will be getting this feature soon, too).”
Chrome 88 is also making it easier to check if any saved passwords have wound up on password dumps. While password auditing came to Chrome last year, the feature can now be accessed using a security check.
Many people are more comfortable using a dedicated password manager because they offer more capabilities than those baked into their browser. Most dedicated managers, for instance, make it easy to use dice words in a secure way. With the line between browsers and password managers beginning to blur, it’s likely only a matter of time until browsers offer more advanced management capabilities.
This story originally appeared on Ars Technica.