The Bitwarden Blog
Look Beyond Your Browser for Password Management
April 13, 2022
It’s 2022. You’ve been writing down your passwords in notebooks, jotting them down on Post-Its, or just doing your best to memorize them. But, you’re starting to get nervous. There is a lot of talk about the potential for nation-state cyberattacks. You know people who’ve had their identities stolen. Your credit card has been compromised a few times. Maybe, you think, it’s time to try out this whole password manager thing. Now, where to start?
Any password manager is better than no password manager. But, the general consensus from experts is that stand-alone password managers (such as Bitwarden) are safer than browser-based password managers (such as those offered by Google Chrome or Apple Safari).
While we’re admittedly biased, we decided to compile a round-up of third-party insights about the benefits of dedicated password managers. For the purpose of this blog, we’ve specifically focused on security, ease of use, and cross-platform availability. The first criteria is particularly critical; if there are security deficits, everything else is essentially a moot point.
Browser password managers aren’t necessarily the safest option. They’re not as secure as dedicated password managers. Let’s take Google’s password manager, built into Chrome, because Chrome is by far the most popular web browser. It's pretty good, but it doesn’t keep your passwords quite as safe as it claims to.
Unlike most dedicated password managers, Chrome doesn’t use a master password to encrypt all your logins. (Note that some browsers do use one, and are therefore more secure, though you’ll still need to trust your browser provider.) This makes your Chrome-stored passwords relatively weak to ‘local’ attacks. For example, if someone knows you well and gets hold of – or guesses – your Windows password, they can then see all the logins stored in your browser’s password manager.
The one primary downside to using your Google, Apple, or Firefox account to store passwords is that they're not as tightly safeguarded as with a third-party service.
Even if you secure your account with two-factor authentication (and you absolutely should if you're storing passwords in it!), Google, Apple, or Firefox tend to be more lax about accessing passwords from a device that's logged in. Often they don't ask for reauthentication to use a stored password, unlike most dedicated password managers—and that can be a security hazard on a shared device.
Overall, this (Google Chrome) is a mainstream and very intuitive tool. The only caveat is that many security experts find it fairly unreliable because there is no master password, and if an account is hacked, the intruder may get hold of all the data in one hit.
Another thing worth considering is that user data is Google’s main product leveraged for targeted advertising and other sketchy things. Therefore, it might not be a good idea to store all your credentials using a single built-in password manager, especially when it comes to extremely sensitive information.
The reason security experts recommend you use a dedicated password manager comes down to focus. Web browsers have other priorities that haven't left much time for improving their password manager. For instance, most of them won't generate strong passwords for you, leaving you right back at "123456." Dedicated password managers have a singular goal and have been adding helpful features for years. Ideally, this leads to better security.
In a recent Security.org survey of American adults, only 20% of people said they use a password manager. One of the factors influencing this low number is the (mistaken, we believe) assumption that it’s easier to use a browser-based password than a conventional password manager.
Most modern password managers offer a number of convenient features: the import/export functionalities, hotkeys (a set of keyboard shortcuts to auto-fill login information), and the ability to securely share passwords through a system protected by end-to-end encryption.
It’s also far easier to use an independent password manager across different types of devices since a browser-based password manager is inherently, well, browser-based. Bitwarden, for example, works with all devices - phones, laptops, tablets - and across Widows; Mac; Linux; iOS and Android; Chrome; Firefox; Safari; Edge; and many more niche browsers. In short, a user has complete cross-platform availability.
Apple Keychain and the Google Chrome Password Manager are password managers, but they lack the features of “full-service” ones. Sticking with Apple or Google means you can’t easily use your password manager with other devices or browsers.
Using one of the best password managers is the single best way to boost your online security. There will be no more need to remember dozens of long, complicated passwords, or even worse, to rely on a few terrible, repeatedly used passwords. Instead, you'll have just one long, complicated password that can unlock all the rest.
The best password managers also quickly and easily generate strong passwords for you. Most can automatically fill in login forms, and many also fill in credit-card numbers and personal details.
Browsers revolve around your account alone, but password managers include features that help you easily and securely share passwords with other people—helpful if someone needs to use your Wi-Fi, or a coworker needs access to a joint account, or if you want to share your Netflix password with your parents. Sharing login details is a pain if the information is stored deep in your browser.
Password managers usually support more robust auto-fill options as well. Yes, your browser likely includes those capabilities too, but as with the actual password management, it’s a basic incarnation. Anything your browser can do, a password manager can usually do better.
As mentioned, any password manager is better than nothing. With experts recommending an independent password manager, and with options for fully featured free accounts, you might be better off with that route. You will be in a good position from a security standpoint and you may even gain mental freedom and peace of mind from having to worry about passwords.
Ready to get started with a password manager today? Quickly get set up with a free Bitwarden account, or sign up for a 7-day free trial of our business plans so your business and colleagues can stay protected.
Back to Blog