What are the security implications of team members also saving passwords on their browsers?

Many team members including myself have saved a variety of passwords through our own browsers. As we migrate the team to 1Paswword this seems like a potential security issue. Does local browser saving of a password constitute a security risk? If so, what can we do to mitigate this risk?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:what are the security implications of team members also saving passwords on their browsers?

Comments

  • BenBen AWS Team

    Team Member

    Hi @DonGordon

    Thanks for taking the time to write in. It does become a 'lowest common denominator' situation. The security of 1Password is greater than that of most browser-based password managers, and so an attacker is more likely to try there first. Additionally as you change passwords and update them in 1Password, but presumably not in the browser, you'll have an issue of incongruous data, which is likely to be frustrating. We recommend turning off the browser's built-in password manager:

    Turn off the built-in password manager in your browser

    Ben

  • Thanks Ben, very helpful. A supplementary question: Once I have everyone migrated to 1Password I'm planning to change all the passwords in the vaults(at least all the sensitive ones). I believe that when I do so I can use 1password to generate strong new passwords. It is my understanding that any team member using 1Password to sign into those sites would be accessing the revised password and in effect would notice nothing different.

  • BenBen AWS Team

    Team Member

    Yes indeed. :) This guide may be handy when the time comes:

    Change your passwords and make them stronger

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file