Home Forums Storing password as hash? Reply To: Storing password as hash?



Nowadays the browsers’ built in password remembering services are pretty well secured and stored in the cloud, when you use something like Chrome Sync. Previously they weren’t as secure, because they were storing them in the preferences files location, locally, together with the decryption key. They were pretty easy to decode and steal by even the simplest virus (stealer type).

But today they store them in the cloud, synced with your account that you use to sign into the browser to sync your browsing history and extensions. You can even provide a passphrase to be used as ‘salt’ when encrypting your data.

There are also 3rd party services like Bitwarden that have extensions for all big browsers and mobile platforms that do the same thing.

Furthermore, when you use a password remembering service, you can generate random passwords that you yourself don’t even know. Both browsers (at least Chrome) and 3rd party tools have mobile integrations that allow you to prefill passwords even outside the browser, in dedicated apps. They really cover all cases where you need to enter your password pretty well and, in my opinion, there’s no need to ever remember your passwords.

It goes without saying that I wouldn’t trust this with finance / banking apps, but for 99% of the websites, I use Chrome’s password manager and it’s awesome. Highly recommended!