Which Is Better: Your Browser's Password Manager or a Standalone Service?
Either kind of password manager can improve your security. Here's what you need to know before you decide.
“Would you like to save this password?” We’ve all had a browser, such as Chrome or Edge, ask us this after logging in to a website, but is it the best way to go? Or is it better to use a standalone password manager, like 1Password or Dashlane?
Either way, security experts agree that having unique passwords for every account is vital because it protects you in the event of a data breach. Once criminals acquire log-in credentials from a data breach, they often try to use your username and password elsewhere across the web in a type of attack called credential stuffing. If you never reuse passwords, they won’t have much luck.
Since no human can memorize unique passwords for dozens if not hundreds of accounts, security experts have long recommended the use of a password manager, a service that helps you generate and store long, unique passwords for all of your online accounts. Password managers operate across browsers and devices. They also allow you to easily share passwords with family members or coworkers/colleagues who share access to the same accounts.
Can Browsers Generate Passwords?
Just like 1Password Families, the browser-based password managers in Chrome, Edge, Firefox, and Safari were able to generate passwords. (You have to be logged in when using Firefox and Safari.)
Can Browsers Check for Compromised or Reused Passwords?
One of the benefits of password managers like 1Password is that they let you check if a password you’ve used is one you’ve reused on multiple accounts. You can even look to see if a password you’ve used is listed in an online database of login credentials that have been stolen in data breaches. (These are tracked on a site called Have I Been Pwned.)
The password managers in Chrome, Edge, Firefox, and Safari also allow you to check whether any of your passwords have been compromised. Additionally, all of the browser-based password managers except for Firefox’s allow you to see whether your passwords have been reused.
Some browsers do this differently from others, though. For example, when we tested Safari on MacOs, it did not show us when we were creating a new account with an identical password, but it did alert us to duplicate passwords when we viewed the passwords it had stored.
Do Browser Password Managers Offer Interoperability?
Standalone password managers are designed to be used across browsers and devices. For example, you can access 1Password through the service’s website in any browser, through a browser extension, or through a phone app. This is an area where they have an advantage over browser password managers.
While the password managers in Chrome, Edge, Firefox, and Safari allow you to import passwords from one browser to another, only Edge and Firefox allow you to share passwords directly between browsers.
Do Browser Password Managers Offer Multifactor Authentication?
Multifactor authentication adds an extra layer of security to your accounts so that even if somebody knows your password, they won’t be able to log in.
This is an area where browser-based password managers fall short. 1Password Families offers multifactor authentication, and in fact it requires a secret key in addition to your password when you log in from a new device.
With browser-based password managers, it’s a little more complicated. Browsers may allow you to set up multifactor authentication for your account, but can also allow some functionality without an account. Chrome, for example, allows you to save your passwords in the browser locally without a password. That is not ideal from a security point of view. However, you can set up multifactor authentication on your Google account.
Are Browser Password Managers Easy to Set Up and Use?
It can be very quick and easy to get started with a browser password manager than a standalone product. For example, Safari’s password manager is enabled by default. It will prompt you automatically when you log in to a website, asking if you want to save the password. In contrast, standalone password managers like 1Password require some additional setup: signing up for an account, setting a primary password, adding browser extensions, etc. However, once it’s set up, syncing between apps and devices will likely be easier with a standalone service such as 1Password, especially if you use different types of apps and devices—for example, if you use Safari on your iPhone and Firefox on your laptop or desktop computer, or if you use Chrome on your Android phone but the Brave browser on your laptop.
Do Browser Password Managers Let You Store Other Data?
1Password allows you to store not just passwords and product keys, but also notes, documents, images, and other files. That could include a photo of your passport, or a PDF of a healthcare proxy form. Browser-based managers may also allow you to store some information beyond passwords. For example, Chrome allows you to store payment information and addresses.
How Can You Make Password Managers Even More Secure?
First, it’s always a good idea to use a password to log in to your computer, phone, and other devices, to protect not just any passwords that may be stored on your browser but anything else you happen to have on there.
Regardless of where you store your passwords, make sure you wipe your computer first before you sell it or otherwise dispose of it.