Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.
Password Manager Browser Extensions: Safety Hazard or Not?

Password Manager Browser Extensions: Safety Hazard or Not?

By Zoltán G.Zoltán G. Verified by Sander D.Sander D. Last updated: July 16, 2024 (0)

There are plenty of password managers on the market, all capable of effectively and securely storing your login credentials and other sensitive data. Password managers appear in many different forms and have their own respective list of special features, yet there is one thing that they all have in common: they import login data to their safe vault via browser extensions.

These add-ons are very convenient when it comes to importing and auto-filling credentials, but over the last few years they have been involved in some nasty security breaches. So the main question is: are they really a threat against our online privacy or is it still safer to have them in our browsers than continuing the bad habits of sticky notes and reused passwords?

What seems to be the problem?

Before jumping into early conclusions, let’s clarify one thing right at the beginning: thanks to military-grade encryption, password managers themselves are so secure it is virtually impossible to access them without the master password, especially when two-factor authentication is turned on, too. Another important aspect is that password management tools are capable of encrypting data before it enters into the password manager company’s cloud storage.

This is not the case of browser extensions, however, the code of which can be easily accessed by experts and less tech-savvy users alike, displaying vulnerabilities like the decryption key used by the software, the option to bypass the security question and, worst of all, making your passwords visible.

The internet is already full of cases of security ‘horror stories’ involving browser extensions but one of the most recent breaches occurred at LastPass. In March 2017 Tavis Ormandy reported that by sending unauthenticated messages to the company’s extension, authorized LastPass commands like copying and filling passwords could have been accessed. Thankfully the company proved why password managers are considered to be on top when it comes to eliminating security breaches, since the vulnerability and an eerily similar counterpart were patched within 24 hours.

The moral of this case can be summarized like this: password manager browser extensions are indeed vulnerable, but thanks to the constant monitoring by their developers, a hacker has to work at the speed of light in order to actually exploit the vulnerability before it is patched and becomes publicly known.

Better to have an extension than nothing at all

Some experts say that it’s best to ditch password manager browser plugins altogether, since it is only a tool of convenience, plus it will always be the target of hackers as they try to find the Achilles’ heel of password managers. But if there is one thing internet users won’t give up, even if they were facing the end of a gun, it’s convenience – the main reason they are using password managers to begin with.

Sticky Password extension password details

Password managers are well aware of the constant attacks, therefore they pay extra attention to their browser add-ons1Password, for instance, claims that its extension never contains any data whatsoever, since it only acts as a ‘bridge’ between the actual desktop app and your browser. In fact, most of these desktop-only password managers have very limited browser plugins, only capable of displaying what has been saved to your vault; every action related to passwords and other credentials can only be performed in the software itself, which means there is absolutely nothing to be compromised in the extensions. This way the add-on serves its true purpose – saving and filling passwords – while still revealing nothing about you and your credentials should it be attacked by hackers.

An extra layer towards perfect online protection

Having a strong password, activating the two-factor authentication and installing an add-on that cannot be compromised is already enough to effectively protect your online identity. But if you want to go one step further and make sure you achieve perfect protection, consider using a VPN as well. Unlike password managers that only encrypt login credentials and sensitive information, VPNs hide literally everything by encrypting all of your data and tunneling your internet traffic through a secure VPN server located anywhere in the world.

With a VPN turned on your internet activity becomes invisible for ISPs and, as a nice addition, it allows access to sites that are geo-blocked.

User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Latest Articles

4 Reasons To Choose CRM Software With AI
With the competition increasing, maintaining lasting customer relationships is more crucial than ever. Customer relationship management (CRM) systems have long been the backbone of most businesses’ effective interaction management, helping them streamline processes, improve satisfaction, and boost sales
Read article
Empower Your Wedding With The Perfect Hashtag
Do you remember the time when # was a simple sign used only in phone menus? The mundane past of the hashtag is now gone, because Twitter came, saw, and turned this barely known sign into a global Internet craze. 
Read article
Recommended Wedding Website Builders for UK Couples
Recommending a wedding website builder for users from a specific country is a bit tricky. On one hand, these companies offer their services internationally and the customization options leave plenty of room for writing the content in ...
Read article

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us