Chapin Information Services - Password Management Tested on 5 browsers
The detailed test results are interesting. They point to improvements that all five major browsers should look at in the future.
However, users should avoid storing browser passwords anyway for sensitive sites (esp. e-commerce, banking, etc). It's a better practice to reenter ID and password credentials each time, in case someone gains access to your PC. The rentry process also helps in better remembering the password.
Conversely, financial websites should be programmed to avoid capturing password fields by the browser. Many sensitive sites are constructed in this manner where passwords are form fields and require multiple screens to enter. This technique prevents the ID and password from being stored.
Chapin Information Services - Browser Password Management Tests
QUOTE: The company took a look at all the major browsers: Internet Explorer 7, Opera 9.62, Firefox 3.04, Safari 3.2 and Google Chrome. According to the study, each browser was susceptible to a number of vulnerabilities that could expose password information.
Of the five, Opera Software's Opera and Mozilla Firefox fared the best—meaning they passed seven of the 21 tests. Internet Explorer passed five tests, while Google Chrome and Apple Safari passed only two.
Three issues were cited by CIS as being problems that, when combined, could allow cyber-thieves to steal passwords without a user's knowledge. The first two are whether the browsers check the destination where passwords are sent and the locations where they are requested
The third critical issue is whether the password manager delivers a password using a form that is not visible. If an attacker can put an invisible password form on the page and count on the password manager to fill in the form, it is possible to steal a user's password without the user ever knowing, Chapin explained.