Browsers come packed with features that no one thinks twice about using, but one of the most important ones is the password manager. Access to your credit cards, bank accounts, and social media logins are all stored in one place. Rather than trusting them to my browser, I’ve opted to use BitWarden instead.

Browser password managers have security problems

Though browser-based password managers have improved in recent years, there are still some problems.

Your PC login password

Foremost among them is the default access method. Normally, when you attempt to view your passwords in plain text, be stopped by your PC’s default login method. That could be a password, but it could also be a pin, face ID, or a fingerprint, depending on how your PC is configured.

If you’ve chosen your password well, then there is minimal risk. Unfortunately, passwords are often very insecure. They’re constantly reused, and if this is any kind of communal computer, there is a good chance that someone else already knows the password.

Credit: Lucas Gouveia/How-To Geek | JOURNEY STUDIO7/Shutterstock

Occasionally, there are also exploits that allow someone with access to your PC (or even just your hard drive) to reset your Windows password and change it to something else.

All of those avenues mean that your passwords are conceivably vulnerable to anyone that has access to your PC.

A cloud synchronized account

If you enable it, most browsers are capable of synchronizing your passwords across multiple devices. For example, on Google Chrome, you can save all the passwords on one device to your Google account, making them accessible on all your other devices. It can be extremely convenient. It can also be dangerous.

Password reuse is still unfortunately common, and if someone compromises your Google account, then it is entirely possible that they could gain access to all of the passwords you have saved to your Google account.

This is also potentially a problem for business and work-related logins. If someone logs into their work account through a personal browser and the password is saved to their compromised Google account, it could compromise the work accounts. Depending on the level of access, that could be an enormous problem.

Syncing your browser passwords to your Google or Firefox account is just not worth the risk.

Switching browsers can expose your passwords

When you have multiple browsers on a computer, you’ll often be prompted to transfer your bookmarks, saved passwords and credit cards, as well as your recent browsing data.

If your browsers do this directly, it isn’t a problem. Unfortunately, it is quite common to export the passwords to a CSV or an HTML file. Neither of those formats are encrypted, which means if someone should happen to gain access to that file, they have instant and complete access to everything.

Related

What Is a CSV File, and How Do I Open It?

A Comma Separated Values (CSV) file is a plain text file that stores data by delimiting data entries with commas.

BitWarden is free and better

Above and beyond the security implications, browser password managers just aren’t as well-designed as dedicated password managers. Out of all the options available, I’m partial to BitWarden. It is available for every major desktop and mobile operating system.

There is also a browser extension that can completely replace your browser’s built-in autofill function.

BitWarden enforces a master password

One of the major differences between browser password managers and BitWarden is the master password system. When you first create your BitWarden account, you’re forced to create a master password that is used to access all of your other passwords.

So long as you take care to create a new and secure password, it is a much better option than trusting your login details to your PC’s password.

Some browsers do have this feature, but it isn’t enabled by default.

Great password generation

One of the biggest security problems today is password reuse. Almost everyone is guilty of it to some degree, despite the fact that everyone knows it is a really bad idea.

BitWarden takes the usual password generator that you get in a browser and dials it up to 11. You can generate passwords, passkeys, and even unique usernames. You can also customize the length, how many special characters or numbers it’ll use, and whether it’ll use special characters and numbers at all.

There is a never-ending arms race between hackers, security experts, and you. Researchers have even managed to trick LLMs into generating malicious code that was capable of extracting passwords from Google Chrome.

Although browser password managers aren’t the worst thing in the world, there are better options available, and you should use them. After all, an ounce of prevention is worth a pound of cure—especially when your bank login and credit card details are on the line.