Passwords are really the keys to your business data.
Email SaaS platforms, banking, internal systems etc. Once an attacker has a password the rest of the environment often isn't far behind.
I hear some great advice repeated all the time: Use an approved enterprise password vault (shout out to my homies like Keeper Security, Inc. Bitwarden or 1Password etc)
And honestly... you really should.
But hereโs the reality: users donโt like change. Even when organizations deploy proper password managers, people still fall back to whatโs easy, ๐๐ฎ๐๐ถ๐ป๐ด ๐ฝ๐ฎ๐๐๐๐ผ๐ฟ๐ฑ๐ ๐ถ๐ป ๐๐ต๐ฒ ๐ฏ๐ฟ๐ผ๐๐๐ฒ๐ฟ.
Browsers prioritize convenience, while attackers and infostealer malware know exactly where to look for stored credentials.
One way to reduce that risk is disabling Chromeโs built-in password manager.
Hereโs how:
- Go to your start menu and open "Registry Editor" as admin
- Go to this path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
- Either create or open/edit a DWORD called "PasswordManagerEnabled" and set it to 0
IMPORTANT: This setting change only stops from saving new passwords but does not delete or modify already saved passwords in the Chrome user profile.
More info from Google directly here: https://lnkd.in/gVC3fk_Z
Let close those small gaps attacks love to exploit
(if you want a free guide of other hardening tips like this or a better/automated method of hardening configuration settings emial me at hardeningtips@senteon.co ๐ )