The convenience of Chrome remembering everything is the same thing that gets your whole life stolen. Here's what to use instead.
Letting Chrome (or Edge, or Safari) save your passwords feels safe because it lives on your computer. It is, sort of, until the day someone gets remote access to your machine — at which point every saved login goes with them. A dedicated password manager solves this without making your life harder.
On Windows, Chrome's saved passwords are protected by your Windows login. Any malware running as you can read them all in clear text using a 30-line script. A password manager keeps your vault encrypted with a master password that never leaves your machine.
Chrome will offer to suggest one, but most people dismiss it because the suggestion is unreadable. A real password manager generates a strong unique one for every site automatically, fills it for you, and you literally never need to see it.
If you only save passwords in Chrome on your laptop, you can't get into anything on your phone without retyping. So you reuse passwords across sites because typing them on a phone keyboard is painful. A password manager has a mobile app that biometric-unlocks and autofills everywhere.
1Password (paid, family-friendly), Bitwarden (free + open source, paid for teams), or Microsoft Authenticator (free, integrates with M365 — comes with your Business Premium licence). Pick one, spend an evening importing your saved Chrome passwords, then turn off Chrome's password feature.
The only password you have to remember is the one to your manager. Make it long — four random words like elephant-banking-mountain-spaghetti is stronger than P@ssw0rd123! and easier to type. Don't use anything personal (pet names, kids' birthdays). Once you've memorised it, write it down somewhere physical and locked, just once, as a recovery copy.
Most managers have a built-in feature that scans the dark web for your email address in known breaches and tells you which of your passwords have leaked. When something pops up, the manager points at the affected site and lets you rotate the password in two clicks. Free, automatic, catches stuff you'd never know about otherwise.
Password hygiene plus MFA covers most of the personal-account threat surface.
whedo.it deploys Bitwarden or 1Password Business to client teams with single sign-on through Microsoft 365. Per-user pricing, central admin, secure recovery — under an hour to roll out.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director