- NordPass’ survey of more than 7,800 users found that 40% to 50% still store passwords in browsers for convenience.
- This practice leaves credentials exposed to malware, account compromise, or device theft, especially with password reuse.
- Experts urge switching to dedicated passkeys or password managers with zero-knowledge encryption for stronger protection.
Most consumers still store their passwords in the browser, despite repeated complaints from the cybersecurity community about this risky practice.
Recently, NordPass, a company that makes a password manager, surveyed 7,861 people in Australia, Canada, France, Germany, Italy, Spain, the UK, and the US about their password storage habits, and found that the vast majority (40% to 50%) keep their secrets only in their browser.
“Convenience and ease of use dominate as the two main factors, confirming that saving your browser password is overwhelmingly a convenience-driven behavior, with cost and passive auto-save prompts playing a secondary but consistent role,” says Karolis Arbaciauskas, head of product for NordPass and its parent organization, Nord Security.
Password managers are a better option
Every time a user creates or types a password, the browser will offer the option to store it. However, if the device is infected with malware, if the browser account is compromised, or if someone gains access to the computer, these passwords can be easily stolen.
To make matters worse, NordPass says many users set the same passwords across numerous services, creating a “digital house of cards that collapses if a single account is breached.”
For years, the cybersecurity community has recommended the use of access keys or a password manager for more secure storage. NordPass says that a small percentage of respondents combine browsers and password managers, with the latter being used more as a backup option. However, that backup will be of little use if the browser is compromised.
“Browser-based password managers are certainly a better option than simply reusing or slightly altering the same password everywhere. However, dedicated password managers offer distinct advantages, such as encryption based on a zero-knowledge architecture. This means that all data is encrypted on your device before it leaves your computer or smartphone, ensuring that not even developers can access your passwords, let alone anyone else,” says Arbaciauskas.
How to store passwords securely
- Use a dedicated password manager
- Secure your password manager using two-factor authentication
- Use security monitoring features to check for reused or weak passwords
- Always use a strong, unique password for each account
- Use dark web monitoring to check if usernames, email addresses, and passwords have been leaked.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
