Your Digital Keys, Left in a Locked Building
You get the email on a Tuesday. The browser you've used for two years, the one holding passwords for your bank, your work Slack, your obscure forum account with a username you will never reconstruct, is being discontinued. The company is moving on. You stare at the screen for a second, then close the tab, because surely it'll be fine.
It might be. But "might" is doing heavy lifting there.
Passwords Don't Live in the Cloud (Usually)
Most desktop browsers store saved passwords in an encrypted file on your local machine. Chrome keeps them in a SQLite database called `Login Data` inside your user profile folder. Firefox uses a `logins.json` file paired with a `key4.db` encryption key. Neither file is readable without the decryption layer the browser itself provides, which is why opening the file in a text editor won't reveal your Netflix password.
The encryption is typically tied to your operating system's credential store. On Windows, Chrome uses the DPAPI (Data Protection API), binding the encrypted blob to your Windows user account. On macOS, browsers often store credentials in the Keychain. This is actually good news: your passwords aren't secretly being transmitted somewhere obscure. They're on your hard drive, protected by your OS.
Cloud sync changes this picture. If you signed into Chrome with a Google account and had sync enabled, your passwords also live in Google Password Manager, a separate service with a separate lifespan. Discontinuing Chrome wouldn't touch that. But a smaller browser with a proprietary sync service? That server-side copy goes dark when the company does.
What Discontinuation Actually Looks Like
Browser companies rarely flip a switch overnight. The more common pattern is a staged wind-down: a deprecation notice, then a sunset date months away, then the download links go dead, then eventually the sync servers shut off.
Consider two people who both used a mid-tier browser with built-in sync. Priya saw the discontinuation notice and spent an afternoon exporting her passwords to a CSV, then imported them into Bitwarden. Done, fifteen minutes, problem solved. Daniel ignored the email, kept using the browser past the sync server shutdown date, and found his passwords still accessible locally because the app still ran. Six months later, his laptop died. The browser was gone from every download source, his cloud backup was gone with it, and he was starting over from zero on accounts he couldn't remember creating.
Starting over from zero is genuinely painful. Ask Daniel.
The lesson isn't dramatic. Local data survives longer than cloud data, but neither survives indefinitely without action.
The Export Window (Don't Miss It)
Every major browser includes a password export function, and using it the moment a discontinuation is announced is non-negotiable. In Chrome, it's buried under `Settings > Autofill and passwords > Google Password Manager > Settings > Export`. Firefox has it under `Logins and Passwords > Export Logins`. The output is almost always a plain CSV file.
That CSV is unencrypted. Every password, in plain text, sitting in a file on your desktop. Import it into a password manager immediately, then delete the CSV and empty your trash. Don't email it to yourself. Don't put it in Dropbox. This is the step people skip, and it's the one that actually creates a security problem.
Bitwarden, 1Password, and KeePass all accept CSV imports with minimal fuss. The process takes about fifteen minutes if your vault has under two hundred entries.
A direct question worth sitting with: if your browser disappeared tomorrow, would you know where to find the export option? Most people don't until they need it.
What People Get Wrong About This
The popular assumption is that browser passwords are fragile, and that a company shutdown means immediate loss. That's overstated, and it leads people to panic about the wrong thing. Local password stores are remarkably durable. A browser file sitting on a hard drive doesn't care that the parent company filed for bankruptcy.
The deeper vulnerability is subtler. Browsers that relied on proprietary sync ecosystems, especially smaller ones built without open export standards, sometimes stored passwords in formats that were difficult to extract without the running application. If the application stopped launching on a newer OS before you exported, you were in genuine trouble. Opera's older Presto-era browser used a format that didn't migrate cleanly to the Blink-based version, and users who hadn't manually exported found themselves locked out of credentials they assumed were safely "in the browser."
Another thing people consistently underestimate: auto-fill credentials are not credentials anyone consciously remembers. Research on password behavior finds that people have no independent recall of 30 to 60 percent of their saved passwords. Those aren't passwords reconstructable from memory. They're gone if the storage is gone, as irrecoverable as a phone number you only ever let your contacts app dial for you.
The fragility isn't in the shutdown itself. It's in the gap between "the app still runs" and "the app runs on my current machine forever."
Before the Lights Go Out
If you're reading this because a browser you use just announced a shutdown, the priority order is simple.
Export immediately. Don't wait for the final day. Sync servers often go down before the official end date, and the export function only needs the local app to work.
Then audit what you're moving. A discontinuation is a surprisingly useful forcing function to delete credentials for services you no longer use. A password vault with 400 entries, sixty of which are for dead websites, is just noise.
After that, move to a dedicated password manager rather than another browser's built-in storage. Browser password managers are convenient, fine, but they're secondary features of products whose primary job is rendering web pages. A dedicated manager treats credential storage as the main event, with proper breach monitoring, cross-device sync built on open standards, and export tools that aren't an afterthought. Keeping your passwords inside a browser is like keeping your only house key in a pocket that belongs to your jacket rental.
Browser passwords feel permanent because browsers feel permanent. They're not. Browsers are software products with product lifecycles, business models, and corporate parents who sometimes pivot, get acquired, or simply run out of money.
Your passwords will outlast the software that remembers them. The only question is whether you've made arrangements for that before the email arrives on a Tuesday.