How Safe Is Our Password Saved Inside the Web Browser?

While the passwords are not exactly gold, they guard something far more precious. We all met someone who said: “It’s just letters, I have nothing to hide”. Behind the simple combination of letters is our bank account, birth date or even street address. But, how safe is the password inside the Internet Browser, and what dangers lurk behind it all?

“A password is a secret word or expression used by authorized persons to prove their right to access information”. The definition of the password says volumes even if we choose to ignore it. Let’s underline the word “secret”. Majority of users take this word lightly. It has been proven in numerous research that users save their passwords, share their passwords, and even generate them for the sake of having one.

The recent breaches and the Dark Web’s growing sales of the accounts and passwords have opened an insight. Judging by the number of the most common passwords, the majority of the people apparently thinks in the same way. The statistics show that top of the most common passwords in the recent years are:

• password
• 123456
• abc123
• querty
• monkey
• letmein

The first one, “password”, is commonly used. However, everyone knows that even the hackers. The hackers use brute force attack when attempting to crack a password. The method actually signifies trying all the possible combinations of letters and other characters during the cracking attempts. Therefore if the hacker doesn’t enter the “password” as his first attempt, he will discover it in 1 minute and 13 seconds.

The much stronger password would be with more characters and numbers. For example, a password “chairlampdesk90” will take him exactly 2,503.645 years and 8 months. How do you know how long does it take to crack your password? Using the online “how secure is my password” tools that have no data transfers to the servers.

Before you start thinking if your password is easily hackable, you still need to know what exactly goes on behind the curtains when you save a password.

The Web Browser has no choice but to accept cookies. It carries one per each website visited, during the day that is a backpack full of cookies. Web Browser is a subway commuter, which jumps from one train to another, all the while getting tickets. Speaking of which, what are the cookies, and what exactly is stored inside them?

The cookies are code strings, a message which web server gives to the browser. The browser will store this message in a text file. The next time browser jumps on board the webpage, it will ask him for a ticket.

The message inside the cookie is its identification. The cookies contain parameters that are passed to them by the web server.

- The name of the cookie.

- The value of the cookie.

- The expiration date of the cookie. Which clearly marks the date until the cookie will remain active in Web Browser.

- The path of the cookie. Only the web server that sent the cookie can have access to it.

The cookie, therefore, resides within the Web Browser. It has made a home inside its folders. During its lifetime the cookie will monitor and obtain a certain information. This information is stored in the cookie and will be sent back to the server it came from. In other words, the cookie is an alien scout.

Scouting for the information it will start with our computer. The cookie needs to obtain our software, and hardware so the website can serve the best experience accordingly. Each computer is different and the website adjusts its screen resolution according to our computers specification.

- Screen resolution.

- Processor.

- Operating System.

- Graphics Card.

- Web Browser.

- Location.

That is its basic data collected. However, whatever we do on the website, whatever we click or information we leave, will be stored in the cookie. This includes any credit card number and passwords we may have entered.

The regular cookies can be deleted easily, using software or doing it manually which retains the data collected. But, in the recent years, the companies developed super-cookies. These are much more resilient than others, they cannot be deleted easily. The cookie will eventually return to its home server and report on the information.

There are many types of malware on the black markets of Dark Web. During the recent years, criminals have developed a Malware-as-a-service model. Each malware is easily available for a certain price. The prices vary from $10 to $40.

The most used malware in collecting the data are Trojans and Spyware. Each gives its owner access to the computer it has infected. How do you get malware? There are numerous ways a computer can be infected and the most common ways are:

- Downloading suspicious software or files.

- Visiting unsecured websites.

- Being a victim of drive-by download by no fault of our own.

- Clicking a link to malware-infested website.

Once it installs on the host computer the malware will spread and execute a search for the information. Similar to cookie it will report the basics and allow access to its owner. The owner, however, can view and collect any file on the host computer.

When we save a password the browser itself remembers it and stores it among its own files. For a hacker who knows where to look, it will be an easy job. The information will be sent to the designated server, and possibly sold on the Dark Web market for no more than $1. It takes nine minutes for the thief to put the information on the sale.

The possibilities of having an account accessed are numerous. But there are only a few effective ways to protect the password.

- Generating a strong password that is not easily and quickly cracked.

- Using a Password Manager to store the passwords in the vault.

- Avoiding saving passwords and writing them down on a piece of paper, not the computer.

- Using the privacy software to detect exposed files,

- Updating all software regularly.

- Updating drivers if possible.

We enter the digital world wholeheartedly, thinking what we do on personal computers is available only to us. The truth is, anyone from websites that sent cookies, to Web Browser Company, and malware owner knows what has been visited and even stored on the computer. That makes our computer less personal, and much more shareable.