22Kas
Does not storing passwords in browser really matter given cookie hijacking exists?
I see lots of articles suggesting not storing passwords in the browser, and it made perfect sense to me, if I can access this data easily, an attacker probably can too.
But then I found out about cookie hijacking, and it seems to me that if your browser is compromised you are already susceptible to this attack that seems much worse (because it can even bypass MFA, since the user is already authenticated).
Stealing passwords stored in the browser would still be dangerous because an attacker could try these passwords in other services, but if I'm already using different passwords for each service, and MFA whenever possible, is the extra security from not storing passwords in browser really worth the convenience loss?
