Let’s be honest. We all find it useful when browsers offer to save our passwords — “oh good, now I don’t need to remember what passwords I’ve used for what websites and applications!”
As IT continues to tell customers and colleagues to use unique strong passwords, and to just stop using flyeaglesfly forever and ever and ever, built-in password managers in browsers such as Chrome, Firefox, Edge and Outlook are becoming increasingly popular. However, they aren’t that secure.
Different browsers use different types of security and encryption, for example Google Chrome uses AES encryption, with the encryption key secured separately by the Windows Data Protection API. while Firefox has a zero-knowledge policy.
This article will take a practical look at how you can view and delete saved passwords on any endpoint for four of the most common browsers.
Exposing passwords on Google Chrome
Your first step is to open Chrome on your computer. You’ll see the circular profile button on the right hand side, and from inside that tab, click on Passwords. To view passwords, simply click on the eye symbol, and the password will be revealed. You’ll need your computer password as authentication so that you can see the passwords in plain text.
You can also delete these passwords by clicking on the three dots to the right of each password, and choosing the option Remove. Finally, you can export passwords from the vertical dots button next to Saved Passwords.
There is also an option to delete all saved passwords at once, which can save valuable manual effort for an IT technician or an end user.
Open the tools menu by clicking on the three vertical dots, and click More Tools. Under this menu you’ll be able to see an option that is called Clear Browsing Data. When clicked on, this will open a new window, where you can choose Advanced. Make sure you only have Passwords and other sign-in data checked off and then click the Clear Data button.
Now that you’ve cleared the passwords, you can ensure that Chrome doesn’t save any more passwords moving forward from the profile page. Just click Passwords, and then turn off “Offer to save passwords.”
Exposing passwords on Microsoft Edge
There is a similar process for Microsoft Edge. Open the Settings menu from the right hand side of the toolbar, and scroll down to find the View Advanced Settings tab. You’ll then see a Privacy and Services option, and one level down, an option called Manage my Saved Passwords. From here you can view saved passwords and delete saved passwords. You’ll need to head back to the settings tab to delete all your saved passwords at once – just look for the clear browsing data option like on Chrome, and pick what you want to delete.
Under Advanced Settings you can also ask Edge to stop offering to save passwords, to stop users accessing this feature moving forward.
Exposing passwords on Mozilla Firefox
Start by opening Firefox, and open the Preferences menu from the toolbar via the three horizontal lines. Choose Privacy and Security, and then Saved Logins which can be found under Forms and Passwords. From here, simply view or delete the passwords you want to remove. You can also click Remove All to delete them all in one click.
Under Forms and Passwords, there’s also an option to uncheck the box that says “Remember logins and passwords for websites” so that Firefox doesn’t offer your customers or colleagues the option to save passwords on the browser, avoiding the security concern altogether.
Exposing passwords on Safari
Open up Safari, and then click the Safari button which you can find on the top left hand side of your screen. Click on Preferences, followed by Passwords. Click on a password to reveal it in plaintext, and delete using the Remove button. You can highlight all the passwords you want to delete using the Shift button, and then click Remove to delete all.
From the Preferences menu, you can use the AutoFill tab to turn off AutoFill for passwords and login details like usernames, ensuring that users can’t save passwords to their browser any more.
Looking for more in-depth password recovery options?
If you want to get more in depth with recovering and exposing different kinds of passwords, NirSoft is a popular open-source tool with our MSPs and IT pros, that can be used for a wide range of password recovery use cases.
Here are some of the most commonly used, all of which you can find direct links for on the main NirSoft website.
WebBrowserPassView: This allows you to view all passwords stored in your web browser, and is suitable for Internet Explorer, Firefox, Chrome, Safari and Opera browsers.
RouterPassView: A similar idea, but for routers, helping IT pros to extract passwords and credentials from a router back up file.
MailPassView: You’ve guessed it — password recovery for email clients. This tool covers Outlook, Eudora, Thunderbird and many other popular email options.
DialupPass: For recovering passwords that are in VPN or internet connections, this is a great tool.
BulletsPassView: Those little asterisks or *** that hide passwords from view? This tool will help you expose those characters when they are in standard text boxes.
Want an alternative to browser-based password solutions?
Looking for more tips around password management?
For better password hygiene, implement two-factor authentication to make each sign on attempt more secure and verifiable, ensure you rotate all master credentials regularly, and consider Single Sign On so that users only sign on once per day, giving you a lot more visibility and control over credential behaviors in your environment.
Atera is an all-in-one IT software solution for MSPs and IT professionals. We help you manage a complex IT environment with ease!
See Atera in Action
RMM Software, PSA and Remote Access that will change the way you run your MSP Business