Viewing an article in the news about Pegasus spyware, I read that one of the functions of Pegasus was to steal passwords. I have often seen people store passwords in Excel, Notepad and in their browsers. In addition, I often see passwords being sent by E-mail, text messaging, WhatsApp and other social media communications platforms. According to Morning Brew:

The [Pegasus] spyware unlocks root access to a device, meaning the user can see the target’s emails, call logs, social media, passwords, pictures, video, sound recordings, and browsing history—including apps with end-to-end encryption, like WhatsApp and Signal.

When you save your passwords digitally, they are susceptible to being discovered by malware.

Why is Storing or Saving Passwords in a Browser NOT Secure?

If you save your passwords in your browser, a person may be able to sit at your desk, visit a Web site such as Gmail or your bank and access your account without having to know your password, because it’s saved. What’s worse is that the same person can view your saved passwords relatively easily and without having any advanced computer skills.

Here’s how easy it is to view passwords saved in Firefox.

1. Open Firefox.
2. Open the Menu, and select Preferences.
3. Click Privacy & Security (from the left pane).
4. Scroll to Logins & Passwords.
5. Click Saved Logins.
6. Select the site from the left pane.
7. Click Show Passwords.

Passwords in Browsers

It’s just as easy on other browsers! Anybody with access to your computer can easily view your saved passwords. If it’s this easy for someone with little or no IT skills, imagine a hacker with advanced computer skills and remote access to your device or a piece of malware programmed to do the same. If you don’t want your browser to ask you to save the password, you can disable it in the settings. In Firefox for example, go to settings -> security and uncheck the option ‘ask to save passwords’.

What’s more, since people oftentimes use the same password (or variations of the same password) across multiple sites, the passwords gleaned from your browser can then be used to seed a brute force attack algorithm and get into other systems.

What’s the Best Place to Store Passwords?

The best place to store passwords is in your memory. Since this is unlikely given the vast number of passwords we need to remember, the second best place is on a sheet of paper, stored in a combination safe or in a locked drawer. Passwords should be long, at least 14 characters, and should not contain dates or the names of your family members or pets, since this information can often be found on social media.

Contrary to popular belief, passwords should not be unintelligible characters and numbers. They should be changed frequently, giving you the opportunity to memorize them and then scratch them from the list!

Never use names or dictionary words followed by dates as passwords. Never use personal information that can be easily obtained from social media, such as family member names, pet names, birth dates and hobbies. Cracking algorithms can quickly deduce these types of passwords.

A good strategy for a lengthy, easy-to-memorize password is to use phrases separated by special characters. For example: I*LOVE*Breaking*Bad*yo! Although it seems lengthy and difficult to memorize, it’s not! I guarantee you will remember it after only a few logins.

Additional Password Safety Tips

  • Set a screen saver inactivity period of 15 minutes or less to lock your computer in case you leave and forget to log off.
  • Use lengthy password phrases and store them under lock and key until you memorize them.
  • Don’t store your passwords on any electronic device and don’t save logins on your browser.
  • Check your passwords periodically against dark Web database dumps to see if any services you use have been hacked.
  • Don’t re-use passwords or use variations of the same password across multiple sites and services.
  • Avoid using password hints. If required, use incorrect information that cannot be obtained through public records or social media.
  • Secure as many services as you can with multi-factor authentication.
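
One way to do the periodic breach check from the tips above without handing the password itself to anyone, as an added example that is not part of the original article. It assumes the public Pwned Passwords range API (a service the article does not name) and its `SUFFIX:COUNT` response format; the sample response, passwords and counts are constructed.

```python
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"  # assumed service; the article names none

def split_hash(password):
    """SHA-1 the password; return (5-char prefix to send, 35-char suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fetch_range(prefix):
    """Network call (not used by the offline demo): only the prefix leaves the machine."""
    req = urllib.request.Request(API + prefix, headers={"Add-Padding": "true"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def breach_count(password, range_body):
    """Times the password appears in the dump; 0 if absent or matched only by a padding row."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padding rows carry a count of 0
    return 0

def constructed_range(password, count):
    """Constructed sample response: the matching row plus a decoy row and a padding row."""
    _, suffix = split_hash(password)
    decoy = hashlib.sha1(b"decoy").hexdigest().upper()[5:]
    padding = hashlib.sha1(b"padding").hexdigest().upper()[5:]
    return f"{decoy}:17\r\n{suffix}:{count}\r\n{padding}:0\r\n"

def demo():
    # Constructed input: a pet name followed by a date, with an invented breach count.
    body = constructed_range("Rex2015", 4211)
    return {
        "Rex2015": breach_count("Rex2015", body),
        "Blue*Kettle*Sings*At*Noon": breach_count("Blue*Kettle*Sings*At*Noon", body),
    }

if __name__ == "__main__":
    for pw, hits in demo().items():
        print(f"{pw!r}: {'seen ' + str(hits) + ' times, change it' if hits else 'not in this dump'}")
```

For a live check, pass `fetch_range(split_hash(pw)[0])` as the second argument to `breach_count`; the comparison against the suffix still happens locally.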

 
