'Password reuse only sharpens this problem': Browser-based password storage isn't as safe as you think

NordPass survey of 7,800+ users found 40–50% still store passwords in browsers for convenience

This practice leaves credentials exposed to malware, account compromise, or device theft, especially with password reuse

Experts urge switching to passkeys or dedicated password managers with zero‑knowledge encryption for stronger protection

Most consumers still store their passwords in the browser, despite the cybersecurity community’s repeated cries over the risky practice.

Recently NordPass, a company building a password manager, polled 7,861 people in Australia, Canada, France, Germany, Italy, Spain, the UK, and the US, on their password storing habits, and learned that the vast majority (between 40% and 50%) save their secrets just in their browser.

"Convenience and ease of use dominate as the top two drivers, confirming that browser password saving is overwhelmingly a comfort-driven behavior — with cost and passive auto-save prompts playing a secondary but consistent role," says Karolis Arbaciauskas, head of product at NordPass and its parent organization, Nord Security.

Password managers are a better option

Whenever a user creates, or types in a password, the browser would offer the option to store it. However, if the device is infected with malware, if the browser account gets compromised, or if someone gains access to the computer, these passwords can easily be stolen.

To make matters worse, NordPass says that many users set the same passwords across numerous services, creating a “digital house of cards that collapses if just one account is breached.”

For years now, the cybersecurity community has been recommending either the use of passkeys, or a password manager for more secure storage. NordPass says that a small percentage of respondents combine between browsers and password managers, in which the latter is more used as a backup option. However, that backup will do little good if the browser is compromised.

"Browser-based password managers are certainly a better choice than simply reusing or slightly altering the same password everywhere. However, dedicated password managers offer distinct advantages, such as encryption based on zero-knowledge architecture. This means all data is encrypted on your device before it ever leaves your computer or smartphone, ensuring that not even the developers can access your passwords — let alone anyone else," says Arbaciauskas.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

How to store passwords securely

Use a dedicated password manager

Secure your password manager using two-factor authentication

Make use of security checkup features to check for reused or weak passwords

Always use a strong, unique password for each account

Use dark web monitoring to check for leaked usernames, email addresses, and passwords

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.