30in30

From Convenient to Compromised

This article is part of the "Write 30 in 30" challenge, where participants commit to writing and publishing for 30 minutes a day over 30 days. I joined this challenge to kickstart my writing journey. Through these stories, I share insights from my life and career, including my experiences with ASD (Asperger's) and the challenges I've overcome to become the person I am today. Given the 30-minute time limit, these pieces are more like drafts—unpolished but heartfelt snapshots of my journey.

Amanda Benadé

Do you use your browser's password manager? It might seem like a secure and convenient way to store your login information, right? In my experience, it’s not!

Four years ago, when I had to relocate, I used my then-fiancé's PC temporarily until my own system arrived. I had a laptop, but it was painfully slow, so I only used it for support tasks.

While using his PC, I took all the necessary security precautions. Since he was running Windows 7, I worked in an Internet Explorer incognito window and avoided logging into my personal browser profile. The only account I accessed was my Gmail, which managed all my email accounts.

When my system arrived, I happily switched back. While using my own Edge browser, I was shocked - and horrified - to discover that I now had access to ALL the passwords saved in my fiancé's browser password manager! I could even view these passwords by entering my PIN.

I immediately informed him about this security breach, deleted all the unauthorized passwords, and double-checked his PC to ensure my passwords hadn’t synced to his system. Thankfully, they hadn’t.

This led me to stop saving my passwords in browser password managers, and I avoided using personal browser profiles altogether.

Two years ago, I bought a new laptop, and to my surprise, Microsoft Edge had synced back all the deleted passwords. I deleted them again. Then I started using the Vivaldi browser, only to discover that its password manager had imported all the passwords from Microsoft Edge - including the ones I had deleted before.

I’ve lost count of how many times I’ve deleted these unauthorized passwords. They keep syncing back. While writing this article, I checked both Microsoft Edge and Vivaldi’s password managers, and once again, all those passwords were still there. 

This morning, I’ll be spending time deleting ALL the passwords from the browser password managers - again - and hoping they finally stay empty.

If you’re using browser password managers, you might want to reconsider and switch to dedicated password managers like BitWarden. Browser password managers are convenient, especially for syncing passwords between devices. But what happens if someone else uses your PC or device and unintentionally gains access to all your passwords - like I did?

Just something to think about.

[Updated]

Back to Articles