It's a definite... maybe.
There are actually a couple factors to look at:
1) Does your computer go straight to a desktop when you turn it on, or do you have to enter a password?
a) Is that password something a little more complex than 'abc123'?
b) Is that password just written on a post-it stuck to your monitor?
c) Does your computer require you to RE log-in after you've walked away for a short period of time?
The less secure your computer itself is, then the more dangerous it is to use the browser to store your login credentials. That also has a bit of a caveat as well, as it also depends on what that particular website holds of your personal information. If it is a simple forum type site (such as this) or some other basic user based site with NO critical information about you, then using the browser to save the passwords isn't too bad of an option.
2) Do you use different and secure, non-post-it-noted passwords for your websites?
At a bare minimum I always recommend to my clients that they have 3 levels of passwords. The first "low-level" would be for sites where you are just a user, and the only purpose of logging in would be to keep track of your activity on that site. It has NO personal information (at least nothing too personal) about you and should someone gain access they wouldn't be able to do much than post messages as you or maybe change some settings to possibly harm your reputation on that site (and possibly others)
This would be followed by a slightly more complex (definitely not just plain dictionary words) "mid-level" password that you would use for sites that do hold a bit more personal information, email accounts that are just used to communicate with family, various shopping or bill payment sites possibly (only if you DON'T have payment info stored on them however), and websites that meet criteria such as that.
Finally, your mack-daddy-no-one-would-guess-this-in-a-million-years password. This is the one you use on your banking sites, and bill pay or shopping sites (Amazon?) where you have a credit card saved to enable 1-click shopping (that's a whole other discussion there). This password you would NEVER share with anyone (unless they are directly responsible for your birth, or you are sleeping with them, and both of those parameters should also be deeply considered before handing over this password).
Taking it one step further, would be having passwords that are unique to each and every website, this could only apply to the highest level as well, a standard "low-level" password I don't think is too worrisome an idea as long as it is used on the appropriate sites. Keeping unique passwords isn't as difficult as some might think, you can have a base password that is used in all of them, and then "salt" it with some other information.
For example, maybe I like cars, and my favorite is a 1957 Chevy, I could make my base password 5chev7, or any variation from there. I would then take the website I am at (forums.cnet.com) and use the first and last letter of the domain name 'ForumS.CneT.CoM' to add 'FSCTCM' to my list. I could then take it one step further and shift all letters to the right by one (or up/down a row) so to the right, 'FSCTCM' would become 'GDVYV<' I would add that to my base so my password for this website might be 'GDVYV<5chev7' or '5chev7GDVYV<' or any other variation. You would be able to recall it easily by just remembering your method, and any hacker that did manage to get their hands on it wouldn't know how to "decode" it.
Or you could use a service such as LastPass as others have recommended. I do a bit of both, I have some basic passwords for most websites such as this one, (though they are still stored in LastPass) but my banking, and ANY website that has any financial or highly personal information, is given a randomly generated password by LastPass so even if one of those sites is compromised, no other high level sites will be.
Hope that helps give you an idea of where to go with it!
Tekamba Computers, LLC
Prescott Valley, AZ
Was this reply helpful? (6) (2)