In order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module(TPM). Our approach encrypts users’ passwords with keys generated by the TPM, which uses a master password as the credential for authorization to access the TPM. Such a hardware-based feature may provide an efficient way to protect users’ passwords. Experiment and evaluation results show that our approach performs well to defend against password stealing attack and brute force attack. Attackers cannot get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable. Our order to enhance the security of a browser password manager, we propose an approach based on a hardware trusted platform module (TPM). Our approach encrypts users’ passwords with keys generated by the TPM, which uses a master password as the credential for authorization Such a hardware-based feature may provide an efficient way to protect users’ passwords. Experiment and evaluation results show that our approach collaborate to defend against password stealing attack and brute force attack. Attackers can not get passwords directly from the browser, therefore they will spend incredible time to obtain passwords. Besides, performance cost induced by our approach is acceptable.