Jump to content

Do you save passwords in Chrome? Maybe you should reconsider


ShyWriter
 Share

Recommended Posts

.
Do you save passwords in Chrome? Maybe you should reconsider

Summary: Every modern browser lets you save and sync user names and passwords for your favorite websites. Maybe that's not such a good idea.

By Ed Bott for The Ed Bott Report
August 7, 2013 -- 00:17 GMT (17:17 PDT)


You might want to think twice before you let someone borrow your computer.

The most obvious risk of allowing someone else access to your desktop is that they can impersonate you, using any app where you’re already signed in. They could send prank messages using your default email client, or profess your undying love for Justin Bieber using your logged-in Twitter account.

That’s annoying, but far from fatal.

But the situation becomes considerably worse if you use Google Chrome to save and sync passwords for easy logins at your favorite websites. An intruder who has unrestricted access to your computer for even a minute can view and copy all of your saved passwords just by visiting an easy-to-remember settings page: chrome://settings/passwords.

That link opens the local copy of your saved password cache, which is synchronized to every machine where you sign in with your Google account.

And the funny thing is, anyone who visits that page can see the plaintext version of every saved password just by clicking a button.

 

The saved password list shows the web address, username, and password for each saved set of credentials. Initially, the saved password is displayed as a row of asterisks. But if you click the masked password, you see a “Show” button that you can click to immediately display the saved password.

chrome-password-show-button-214x46.jpg?h

A malicious or spiteful intruder who can lure you away from your computer briefly can see your saved passwords, then close the settings page. And you have no idea that your credentials have been compromised.

Here’s what the attacker sees. I’ve altered the passwords and blurred crucial details in this screenshot, but it should give you a good idea of the scope of the problem:

chrome-password-reveal-620x222.jpg?hash=

This isn’t a new feature, of course, but the issue got some publicity earlier today when software designer Elliott Kember posted a rant titled “Chrome’s insane password security strategy” at his blog. And the issue got more heated when the post sparked a discussion on Hacker News where Chrome developer Justin Schuh told Kember, in essence, That’s not a bug, it’s a feature: (More...)
 
Continued at: http://www.zdnet.com/do-you-save-passwords-in-chrome-maybe-you-should-reconsider-7000019074/
 
Steve

Link to post
Share on other sites

Firefox is the same way, it can come in handy, but that area should have a password on it that's needed to access it.

 

I use the SECURE LOGIN Firefox extension which stores the passwords elsewhere.. (Similar to Opera's "Wand" extension.)

 

RE: https://addons.mozilla.org/en-US/firefox/addon/secure-login/?src=userprofile

 

EDIT: Oopss.. Initial link was the direct install; this link is to the Explanation page.. mea culpa; sorry... :)

Edited by ShyWriter
Link to post
Share on other sites

I use the SECURE LOGIN Firefox extension which stores the passwords elsewhere.. (Similar to Opera's "Wand" extension.)

 

RE: https://addons.mozilla.org/en-US/firefox/addon/secure-login/?src=userprofile

 

EDIT: Oopss.. Initial link was the direct install; this link is to the Explanation page.. mea culpa; sorry... :)

 

Now that sounds interesting, just out of curiosity where is it storing the information?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.