ItsGeekToMe.co

Q: Love your column and read it regularly. Your answer in this morning’s NWF Daily News (Geek Note: I.G.T.M. Issue #570, June 24, 2018) to “is it safe to store your password in your browser,” prompts a few more questions.   1) I have been told to close a browser after using it for a login so that my username and password would therefore not be saved, but if I did not close the browser, they could/would be saved. What is the real truth? 2) If I do allow a password to be saved but want to delete it later, how do I do that? 3) If I do let the browser save my password, does it pop into that site’s login screen when I submit my username next time?

– Loyd T.
Inlet Beach, Florida

A: All very valid questions, Loyd, and it will be my pleasure to answer them for you.  First of all, your understanding of the reason that you must close a browser after a login is just a bit off.  I do want to note that this generally applies to public computers, not those in your own home, unless you need to protect access from other family members or others who might access your private computer.  Now then, the reason to log off is because you’ve logged into sites.  Yes, you did use your username and password, but this isn’t about protecting that information.  If you simply walk away, the next person doesn’t need to sign-in at all, because you may have left them with an open session to the site in question.  Just going back to the site will often drop someone right where you left off, in the middle of banking, shopping, reading e-mail, etc.  Session information is stored in browser cookies – small files of information that websites use to place information on your local PC.  When properly used, these cookies are not deleted until you close the browser.  Do so, and no more cookie, which means no session data information left behind, which means nobody can access the site as you without your login credentials.

The answer to your second question depends on your browser.  In Internet Explorer, click on Tools->Internet Options, then go to the “Content” tab.  Under “AutoComplete”, click “Settings” then click “Manage Passwords”.  Make sure “Web Credentials” is selected, then do your business in the list.  In the Edge browser you begin by clicking the “three dots” icon in the upper-right corner.  Click “Settings” on the menu, then click “Advanced Settings”.  Scroll down to find “Manage passwords” and click it.  Right-click on the one you want to delete, and select “Delete credential”.  In Google Chrome, start by clicking the three vertical dots in the upper-right corner.  From the menu, choose “Settings”.  Scroll all the way to the bottom, and click “Advanced”.  Scroll some more until you find “Manage passwords”.  Each entry in the list of saved passwords has a 3-dots button on the right.  Click one, and you’ll find a “Remove” entry on the menu.  Other browsers that store passwords will have similar steps to remove them.  If it’s not obvious by browsing the settings, simply visit Google and type “How do I delete stored passwords in (browser name here)”.

Your final question is kind-of the whole definition of what we’ve been talking about.  When you tell the browser to save your login information, the browser encrypts the credentials you supply and then stores them.  Depending on the browser, and on your configuration, the storage location might be local (only stored for this PC) or in the cloud (will be used on other Internet-connected PCs when you’re signed-in to the appropriate service).  Assuming you browse to a site that has stored credentials, then yes, the browser decrypts them, and puts the username and password into the appropriate blocks for you.  It stops short of submitting the login data, just in case you might want to sign-in using credentials other than what are stored.

To conclude this topic, I think it’s worth mentioning that you are probably going to run into the occasional site where the whole auto-fill thing just doesn’t seem to work.  What I mean is that you’ll find sites where either the browser doesn’t offer to save the credentials, or, even though you are certain you saved them, they don’t pop into the login fields when you re-visit the site.  This is generally a conscious decision on the part of the website operator to enforce stricter security than what you’re trying to use.  The operator has decided to eliminate any potential problems with stored passwords by simply not allowing them to be used.  Believe it or not, they’re doing this strictly to increase your personal security.