Modern web browsers aggressively encourage users to save passwords. From a usability perspective, it makes sense — fewer login prompts, faster access, and happier end users. From a security and risk management perspective, however, saved browser passwords can be a serious liability, particularly in enterprise, shared, or unmanaged environments.
Having worked across helpdesk, systems administration, and security-focused roles, I’ve seen browser-saved credentials lead directly to:
- Compromised email accounts
- Lateral movement in corporate networks
- Breaches caused by shared workstations
- Former employees retaining access long after offboarding
This article explains how to delete and disable saved passwords in Google Chrome and Internet Explorer, but more importantly, when you should, why it matters, and what better alternatives exist.
Why Saved Browser Passwords Are a Security Risk
Before jumping into the “how”, it’s important to understand the risk model.
Common High-Risk Scenarios
Saving passwords is especially dangerous when:
- Computers are shared between multiple users
- Generic or shared logins are used (still very common)
- Devices are not encrypted
- Browsers are synced to personal Google accounts
- Endpoint security maturity is low
I’ve personally responded to incidents where:
- A staff member saved webmail credentials on a shared PC
- Another user accessed sensitive email weeks later
- No malware was involved — just saved passwords
What Types of Credentials Are at Risk?
Saved passwords often include access to:
- Corporate webmail portals
- VPN and remote access gateways
- Cloud admin consoles
- Banking and finance portals
- Shopping sites storing payment details
Once compromised, password reuse makes the blast radius even larger.
When Saving Passwords Is Acceptable
To be clear, saved passwords are not inherently evil.
They can be acceptable when:
- The device is single-user
- Each user has a unique OS login
- Full disk encryption is enabled
- MFA is enforced on sensitive services
- Endpoint protection is in place
Even then, browser password managers should not be your first choice in professional environments.
Best Practice Recommendation (From the Field)
For IT professionals and organisations:
- Disable browser password saving
- Use a dedicated password manager (Bitwarden, 1Password, KeePass, etc.)
- Enforce MFA everywhere possible
- Educate users — not just lock things down
Now, let’s get into the practical steps.
When using a shared computer with a shared login ensure you select the below if prompted to save your password:
For Internet Explorer :
For Google Chrome :
If you logon to a computer with a unique username and password that only you will know the credentials, then it is fine to save your passwords for convenience since the access is only allowed when you are logged in..
How to Delete and Disable Saved Passwords in Internet Explorer 11
Note: While Internet Explorer is deprecated, it still exists in legacy environments, kiosks, and older line-of-business systems — particularly in government and industrial settings.
Step 1: Remove Saved Passwords
Click Reset
Open Internet Explorer 11
Click the gear icon (top-right)
Select Internet Options
Go to the Advanced tab
Click Reset
Tick Delete personal settings
Ensure that you tick Delete Personal Settings and click Reset
This removes:
- Saved passwords
- Cached credentials
- Temporary data tied to AutoComplete
Step 2: Disable Password Saving Permanently
- Reopen Internet Explorer
- Go to Internet Options
- Select the Content tab
- Under AutoComplete, click Settings
- Disable:
- Browsing history
- User names and passwords on forms
- Ask me before saving passwords on forms
- Click OK
To view stored credentials directly, select Manage Passwords, which opens Windows Credential Manager.
To manage passwords in IE select the Manage Passwords button.
- Finally, select OK and close out of Internet Explorer and reopen it. Done.
How to Delete and Disable Saved Passwords in Google Chrome
Chrome is by far the most common browser in enterprise and personal environments — and also one of the most aggressively persistent when it comes to password saving.
Step 1: Remove Existing Saved Passwords
- Open Google Chrome
- Click the three-dot menu (top-right)
- Select Settings
- Navigate to Autofill → Password Manager
- Review saved credentials
- Click the X (or delete option) next to each entry
For shared systems, remove all saved entries.
Step 2: Disable Password Saving in Chrome
- Open Chrome Settings
- Go to Autofill → Password Manager
- Disable:
- “Offer to save passwords”
- “Auto sign-in”
This prevents Chrome from prompting users to store credentials in the future.
Chrome Password Manager and Google Account Sync: The Hidden Risk
This is the part many users — and even some IT staff — overlook.
If a user is signed into Chrome with a Google account, saved passwords are:
- Synced to Google’s cloud
- Accessible from any device signed into that account
- Potentially exposed if the Google account is compromised
Real-World Issue I’ve Seen
A contractor logged into Chrome using their personal Google account on a work PC.
Passwords saved during that session were later accessible from their home laptop.
No malware. No hacking. Just sync.
Important Takeaway
Disabling saved passwords locally also affects synced passwords — but only if the user is signed in when making the change.
Enterprise Controls and Group Policy (Advanced)
For managed environments, browser settings should not rely on user behaviour.
Consider enforcing:
- Chrome password manager disabled via Group Policy
- Mandatory MFA for web applications
- Endpoint encryption (BitLocker)
- Browser sign-in restrictions
These controls remove human error from the equation.
Better Alternatives to Browser Passwords
From a security perspective, browser password managers are entry-level solutions.
Better options include:
- Enterprise password managers
- OS-level credential vaults with MFA
- Hardware security keys
- SSO with conditional access policies
They provide:
- Stronger encryption
- Auditing and visibility
- Access revocation
- Reduced password reuse
Final Thoughts: Security Is About Context, Not Convenience
Saved browser passwords are convenient — until they aren’t.
In shared or unmanaged environments, they represent one of the simplest ways credentials leak. Deleting and disabling saved passwords in Chrome and Internet Explorer is a small change that can prevent disproportionately large security incidents.
From years in IT operations and security-adjacent roles, my rule is simple:
If you wouldn’t write the password on a sticky note, don’t store it in a browser on a shared system.
From my early days on the helpdesk through roles as a service desk manager, systems administrator, and network engineer, I’ve spent more than 25 years in the IT world. As I transition into cyber security, my goal is to make tech a little less confusing by sharing what I’ve learned and helping others wherever I can.