Hello, Crown Clients and Friends!
The web browser is an important tool for keeping your information secure, but web browsers are changing rapidly. Web browsers are constantly plugging security holes and introducing new features to help us keep our identity safe online. Some of the newer features of browsers, however, might offer us convenience over security. Here are two tips to help ensure that your browsing experience on mobile and desktop devices is safe.
For a web browser to stay secure, it needs to be up to date. When a company like Google or Apple find out that attacks are being launched on their browsers, they typically fix the problem in a way that most users don’t notice and push out updates every two to three weeks. Installing those updates is critical to keeping your information secure while browsing the internet.
If you use Apple OS X, or Microsoft Windows 10, then Safari and Edge, respectively, will be updated with your regular system updates. If you use Google’s Chrome, or Mozilla’s Firefox, it will update automatically in the background; simply closing all the windows of Chrome or Firefox will perform an update if necessary, so remember to close your browser often and don’t leave tabs open to save your place for later.
On mobile devices, web browsers are updated like any app, usually with an App Store application managing updates automatically. For most users, both on mobile and on desktops, the key to staying up to date is having the operating system update automatically, and to allow those updates to happen, sometimes by restarting a desktop computer, or plugging in a mobile device to charge while on Wi-Fi.
Modern browsers often try to get you to sign in and store passwords, history, and bookmarks for you in your account. This seems convenient, but it also means that the account associated with your browser is the key to all your other accounts.
It's a good idea to avoid using the built-in password manager because if your Google account (for your Chrome browser) is compromised, then an attacker can simply open a web browser and see all your passwords in plain text. Even if you have strong Multi-Factor Authentication (MFA) enabled on your account, the risk is simply too high. Most likely, someone could simply get their hands on one of your devices and have full access to all your passwords. For instance, if you were to store passwords for your company’s network inside of a Google account, not only is your personal account at risk, but also your entire work network could be at risk and have severe consequences.
Instead, security experts recommend third-party password managers that are not integrated with your browser account. Popular, multiplatform services like 1Password and BitWarden offer password management at no or low cost for personal use. These services have apps for every desktop and mobile operating system that make it easy to manage passwords across your devices. They use what is called “zero-knowledge” encryption, which means that only your devices see your password in its unencrypted form and the service never stores them in a readable format.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team