When you enter your password on a website, Yandex.Browser offers to save it for you. For future visits to this site, your saved password will be entered for you automatically.
If you do not want Yandex.Browser offer to save passwords:
To view the list of websites for which you have allowed or not allowed passwords to be saved:
In the Passwords window in the Never saved section you'll see a list of sites that you did not allow to save your passwords. In the Saved passwords section, you'll see a list of sites where your passwords are saved in Yandex.Browser.
To delete a password from the list:
If you forgot a password but it is saved in Yandex.Browser, you can view it in the settings:
Enter your account password in the window that appears and click OK.
The box will display the password from the website.
To make the password hidden again, click Hide in the box with the password.
Yandex.Browser applies additional password protection against:
Identical passwords. This is a serious threat to security. By getting the password to one account, an attacker can gain access to all the other accounts.
For example, if you use the same password for your online bank and for an online store, employees of the online store can get access to your personal bank account without you knowing it.
It is particularly dangerous to use the same password for HTTPS and HTTP websites. Because passwords for HTTP websites are not encrypted, they can be intercepted by hackers who can use these passwords on an HTTPS website to steal personal data or money.
Once you enter a password on an important website, Yandex.Browser uses it to create a fingerprint (hash) and saves it in its database. When you enter passwords on other websites, the browser compares their hashes with the ones in its database. If there is match, the icon will appear on the right side of SmartBox to warn you. The browser will ask you to confirm that you want to use the same password on several websites before sending your password to the server.
Yandex.Browser protects passwords to popular websites such as VK or Mail.ru. The browser makes a list of important websites, but you can add other ones as well (such as websites where you make online payments).
To enable protection:
Passwords for important sites are saved by Yandex.Browser as hashes. Because passwords are not stored as plain text, hackers will not be able to get access to your personal information even if they steal the password database.
Cryptographic hashing helps transform a password into a unique character sequence that can be easily used for password identification, but it is practically impossible to restore an original password using it. For example, the string “hello” after hashing can be transformed into the sequence “2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824”.
Yandex.Browser uses the SCrypt algorithm for hashing. This algorithm generates a hash using not only the central processor, but also multiple read/write operations in the memory. This approach makes it difficult to crack passwords. For example, a hacker will not be able to speed up a brute force hacking attempt using a video card processor. The SCrypt algorithm is used, for example, in LiteCoin crypto currency.
As a result, it will take a malicious user more than 100 years to match a six-digit password, including uppercase letters, lowercase letters, numbers, and special characters.