Should I let my browser or the site remember my password, or neither?
Solution 1:
On my personal computers I will allow my web browser to remember my passwords, but that is because they are mine and nobody else will ever touch them (unless they break into my house and steal all my stuff, and then I have bigger things to worry about).
For public computers or work computers I would definitely choose neither, especially if you are working on a shared system.
Solution 2:
Since either way anybody with access to your computer could easily get into your accounts, neither of these options is very secure. I would guess, that because the "Remember me" feature uses cookies, and usually expires, it would be slightly safer because your passwords are not (as far as I am aware) stored anywhere.
I prefer to use something such as Roboform or Lastpass, where the password is autofilled for me, but I can set it to ask for my master password the first time it logs in during a browsing session. That way I don't have to remember my passwords, but other people still can't access them.
Solution 3:
With a browser remembered password you are open to at least two problems:
- Others using your browser and getting your access
- Malware picking up your password from the browser (limited to the browser vulnerabilities)
With a 'site remembered' password, you have a cookie placed in your browser by the site.
This is also unsafe (depending on the level of your paranoia):
- Same problem as before, anyone accessing the browser from your login has access
- Cookies can also be 'stolen' or miss-used
Always derive your paranoia based on the sensitivity of the password.
Your gmail password (just) might be safer to loose then your bank password.