ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

How Safe Is Our Password Saved Inside the Web Browser?

Updated on April 5, 2018
profile image

Dan Elle is currently Business Development Manager ShieldApps Software Innovations.

While the passwords are not exactly gold, they guard something far more precious. We all met someone who said: “It’s just letters, I have nothing to hide”. Behind the simple combination of letters is our bank account, birth date or even street address. But, how safe is the password inside the Internet Browser, and what dangers lurk behind it all?

Saved Password and Internet Security

Internet secure access concept background by cienpies Daniel Rodriguez
Internet secure access concept background by cienpies Daniel Rodriguez | Source

The Password – Secret Word Overridden

“A password is a secret word or expression used by authorized persons to prove their right to access information”. The definition of the password says volumes even if we choose to ignore it. Let’s underline the word “secret”. Majority of users take this word lightly. It has been proven in numerous research that users save their passwords, share their passwords, and even generate them for the sake of having one.

The recent breaches and the Dark Web’s growing sales of the accounts and passwords have opened an insight. Judging by the number of the most common passwords, the majority of the people apparently thinks in the same way. The statistics show that top of the most common passwords in the recent years are:

  • password
  • 123456
  • abc123
  • querty
  • monkey
  • letmein

The first one, “password”, is commonly used. However, everyone knows that even the hackers. The hackers use brute force attack when attempting to crack a password. The method actually signifies trying all the possible combinations of letters and other characters during the cracking attempts. Therefore if the hacker doesn’t enter the “password” as his first attempt, he will discover it in 1 minute and 13 seconds.

The much stronger password would be with more characters and numbers. For example, a password “chairlampdesk90” will take him exactly 2,503.645 years and 8 months. How do you know how long does it take to crack your password? Using the online “how secure is my password” tools that have no data transfers to the servers.

Before you start thinking if your password is easily hackable, you still need to know what exactly goes on behind the curtains when you save a password.

The Web Browser – Cookie Backpacker

The Web Browser has no choice but to accept cookies. It carries one per each website visited, during the day that is a backpack full of cookies. Web Browser is a subway commuter, which jumps from one train to another, all the while getting tickets. Speaking of which, what are the cookies, and what exactly is stored inside them?

The cookies are code strings, a message which web server gives to the browser. The browser will store this message in a text file. The next time browser jumps on board the webpage, it will ask him for a ticket.

The message inside the cookie is its identification. The cookies contain parameters that are passed to them by the web server.


- The name of the cookie.

- The value of the cookie.

- The expiration date of the cookie. Which clearly marks the date until the cookie will remain active in Web Browser.

- The path of the cookie. Only the web server that sent the cookie can have access to it.


The cookie, therefore, resides within the Web Browser. It has made a home inside its folders. During its lifetime the cookie will monitor and obtain a certain information. This information is stored in the cookie and will be sent back to the server it came from. In other words, the cookie is an alien scout.

Scouting for the information it will start with our computer. The cookie needs to obtain our software, and hardware so the website can serve the best experience accordingly. Each computer is different and the website adjusts its screen resolution according to our computers specification.


- Screen resolution.

- Processor.

- Operating System.

- Graphics Card.

- Web Browser.

- Location.


That is its basic data collected. However, whatever we do on the website, whatever we click or information we leave, will be stored in the cookie. This includes any credit card number and passwords we may have entered.

The regular cookies can be deleted easily, using software or doing it manually which retains the data collected. But, in the recent years, the companies developed super-cookies. These are much more resilient than others, they cannot be deleted easily. The cookie will eventually return to its home server and report on the information.

Delete the Cookies?

Some websites will log you out if the cookies are cleared. Which means you break the session with the website that no longer recognizes who you are. However, the super-cookies as they are called are persistent and can be deleted only with Privacy Software.

What is Privacy Software?

Many companies have developed a Privacy Software like Identity Theft Preventer. It is designed to scan and report on all exposed sensitive data. No matter if its stored locally or within the Internet Browser.

Have You Ever

Do You Clean Cookies Regularly?

See results

The Malware – Thief of Information

There are many types of malware on the black markets of Dark Web. During the recent years, criminals have developed a Malware-as-a-service model. Each malware is easily available for a certain price. The prices vary from $10 to $40.

The most used malware in collecting the data are Trojans and Spyware. Each gives its owner access to the computer it has infected. How do you get malware? There are numerous ways a computer can be infected and the most common ways are:

- Downloading suspicious software or files.

- Visiting unsecured websites.

- Being a victim of drive-by download by no fault of our own.

- Clicking a link to malware-infested website.

Once it installs on the host computer the malware will spread and execute a search for the information. Similar to cookie it will report the basics and allow access to its owner. The owner, however, can view and collect any file on the host computer.

When we save a password the browser itself remembers it and stores it among its own files. For a hacker who knows where to look, it will be an easy job. The information will be sent to the designated server, and possibly sold on the Dark Web market for no more than $1. It takes nine minutes for the thief to put the information on the sale.

The Methods of Prevention

The possibilities of having an account accessed are numerous. But there are only a few effective ways to protect the password.

- Generating a strong password that is not easily and quickly cracked.

- Using a Password Manager to store the passwords in the vault.

- Avoiding saving passwords and writing them down on a piece of paper, not the computer.

- Using the privacy software to detect exposed files,

- Updating all software regularly.

- Updating drivers if possible.

We enter the digital world wholeheartedly, thinking what we do on personal computers is available only to us. The truth is, anyone from websites that sent cookies, to Web Browser Company, and malware owner knows what has been visited and even stored on the computer. That makes our computer less personal, and much more shareable.

© 2018 Dan Elle

working

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://corp.maven.io/privacy-policy

Show Details
Necessary
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Features
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Marketing
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Statistics
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)