Browser Passwords – The Security Risk
An article on the Cisco hack this week caught my eye. Not because hacks of major organisations are new, but because of the simplicity of the approach, which was based on a behavior that almost everyone does online without thinking of the consequences. I am referring to saving passwords to your browser, which, let's face it, most people do. It's convenient, especially when you have lots of passwords to remember, and as your browser profile follows you around if you log in using your Google account, you can access your stuff from any device. In the Cisco case the attacker targeted the personal Google account of an employee. How they knew the Gmail address is not disclosed, but they bombarded the employee, who had MFA turned on for the account, into accepting the MFA request through a process of “MFA fatigue” and social calls claiming to be from Google. Once in, the hackers had access to the employee's Google account with its synced history of password logins to their Cisco accounts. Clever, eh?
So now think how many passwords you have saved into your Chrome or Edge account on your computer. It's a lot more than you think. Have a think: every bank, Netflix, Spotify, email, etc. account you have ever logged into while you were logged into Google on your browser. So what can you do to protect yourself?
Browser Security Tips
- Switch on 2FA on your Google accounts (in fact, all accounts)
- Update your web browser
- Use different passwords for every website
- Check to see if you have plugins/extensions installed in the browser
- Check for leaked passwords on https://haveibeenpwned.com/
- Never click on suspicious links
- Always have good antivirus software, especially on smartphones.