By Arica Chhay, Jay Krous, Tap L, Gabe McGinnis
This article helps users make safer choices when browsing. It doesn’t cover the entire scope of risks associated with using web browsers, but these are three of the most common risks at the moment.
1. Minimize browser extensions.
Web browser extensions are tools to extend or enhance your browsing experience, often by adding new features or enabling integrations with other applications, such as Google or Zoom. While most extensions are useful, extensions have also become a new method to sneak undesirable code onto your computer. Extensions, disguised as useful utilities or carefully named to sound like legitimate software, may pop up in an attempt to entice you while web browsing. Don’t fall for this trick by allowing access to your systems. You should only download an extension via the browser extension store.
You might also take a moment to review your current extensions. Make sure you understand them all and have a use for them. There is value in removing and reducing the number of extensions. To safely acquire extensions or manage and remove unknown extensions, please follow the recommendations from your browser.
- Chrome: Install and manage extensions.
- Firefox: Find and install add-ons.
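To support the review described above, the following added example (not part of the original article) lists every extension found in a Chrome-style Extensions directory and marks those that request access to all websites. The directory layout in the docstring and the patterns in BROAD_HOSTS are assumptions of this example; the directory path is supplied by whoever runs it.

```python
import json
import sys
from pathlib import Path

# Host patterns that let an extension read or change every site you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(extensions_dir):
    """List each installed extension with the access its manifest requests.

    Assumed layout: <extensions_dir>/<extension id>/<version>/manifest.json
    """
    records = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        record = {"id": path.parent.parent.name, "version": path.parent.name,
                  "name": "(unreadable manifest)", "permissions": [],
                  "broad_access": []}
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            manifest = None  # keep the record so the entry still gets reviewed
        if isinstance(manifest, dict):
            requested = list(manifest.get("permissions", []))
            requested += manifest.get("host_permissions", [])
            for script in manifest.get("content_scripts", []):
                requested += script.get("matches", [])
            granted = {p for p in requested if isinstance(p, str)}
            # Localized names appear as __MSG_key__ placeholders; shown as-is.
            record["name"] = manifest.get("name", "(no name)")
            record["permissions"] = sorted(granted)
            record["broad_access"] = sorted(granted & BROAD_HOSTS)
        records.append(record)
    return records

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_extensions.py <path to Extensions directory>")
    for ext in audit_extensions(sys.argv[1]):
        flag = "REVIEW: all-site access" if ext["broad_access"] else "ok"
        print(f'{ext["id"]}  {ext["name"]} {ext["version"]}  [{flag}]')
        print("    requests:", ", ".join(ext["permissions"]) or "(none)")
```

An entry marked for review is not necessarily harmful; it is one to confirm you recognize and still need, and to remove through the browser's own extension manager if you do not.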
2. Do not save login credentials on browsers.
You’ve probably heard “protect your credentials utilizing a password manager, like LastPass.” However, we’ve noticed many people using the built-in password storage feature of the web browser to store credentials. This is NOT a safe option and is not a password manager. The technology behind password managers is significantly different from saving login credentials with built-in browser password managers.
Built-in browser password managers do not safely store your passwords. There are utilities that allow an attacker with access to your computer to extract all the passwords stored in your web browser. This is not a theoretical threat and has actually happened to someone at the Lab. While it doesn’t happen often, this attack has severe consequences; imagine all your stored passwords being known to an attacker! Such an incident would not only be a Lab issue, but likely a personal cyber security nightmare.
The browser password storage feature is convenience-based and not a security-driven feature. IT recommends you turn off the option to save passwords and autofill login information altogether.
- Chrome: Manage passwords in Chrome (see the section on Start or stop saving passwords).
- Firefox: Disable password saving in Firefox.
A dedicated password manager like LastPass supports all major browsers and operating systems but operates as a third party, independent of the browser.
3. Maintain computer and application updates.
Browsers like Chrome and Firefox have automatic updates enabled by default. Updates normally happen in background processes when the browser application is opened and closed. If a browser hasn’t been closed in a while, then updates for both the browser and extensions might be pending.
- Chrome: Check for updates to Chrome.
- Firefox: Update Firefox to the latest release. Restart the browser to complete the process.