MSE News: Google Chrome warning: Be careful with online passwords 21 August 2013 at 5:39PM in Broadband & Internet Access 23 replies 2.9K views

Former_MSE_Helen

"It's been revealed that online passwords are stored with little security on Google Chrome, so users should beware..."

Read the full story:

Google Chrome warning: Be careful with online passwords




Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.

keyser666

Hardly anything new?

dtaylor84

What a ridiculous article.

Whilst Internet Explorer and Firefox may give the option of encrypting all your passwords using a "master password", I think you'll find (almost) no one bothers to set one! Where's the dire warning for users of those browsers to set the password?

Ultimately, if the browser is able to send your password to the remote site without you having to type it (or another master password) then quite clearly your computer knows the password, and anyone with access to your computer can find it too!

And given the (lack of) strength of passwords chosen by most users, storing them unencrypted on their own PC is the least of their worries.

VisionMan

My passwords got hacked because of the above. And I didn't understand how. So my son said 'Did you save passwords in Chrome?' to which I replied I didn't know. So without using a password, he went into Chromes ' Advanced Settings' page and there they were, unprotected. They have since been deleted.

And how many other non Chrome savvy users don't know this either? Because not everyones an expert, you know.

dtaylor84

My point isn't that this is not a problem. My point is that this is the wrong problem to be worrying about.

1. It's not just Chrome -- people save their passwords in all browsers, and almost none of them will both know how to and be bothered to set a master password in them.

2. It's the wrong problem to worry about. If someone has managed to gain access to your computer to view your unencrypted passwords, they have sufficient access to install a keylogger and get all your passwords anyway.

3. It's entirely the wrong problem as most password compromises happen at the other end. Hackers don't attack a single computer and steal one user's passwords. They attack a company and steal passwords for the entire userbase. Hopefully, if the company is remotely competent, these will be hashed passwords, but well over 50% of passwords are so weak they can be easily guessed by a computer in minutes or hours.

If MSE want to champion computer security, it's certainly a worthwhile cause. But this article is (as usual) misleading and sensational.

SewerSide

Massively much more important is to use different passwords for every site. That way if one site gets hacked, they cant reuse your email and passwords on other sites.

If you want to securely store passwords in Chrome (or other browsers), use an add-on such as Lastpass or Keepass. Lastpass in particular is very good at importing your passwords from your browser, helping you change them to more secure passwords, and making them accessible from any browser you use. (Keepass has a free Android app as well).

zagfles

As I understand it IE will encrypt the stored passwords with the user's password as the key - so other users shouldn't be able to see them unless they know your password. Not sure about firefox.

zagfles

SewerSide wrote: »

Massively much more important is to use different passwords for every site. That way if one site gets hacked, they cant reuse your email and passwords on other sites.

Definitely! Seem to remember there was some scam a few years ago along the lines of some website offering freebies, you just had to register with a username and password. They then tried that same username and password on all the internet banking sites :eek: and yes, some people were daft enough to use the same username/password!

VisionMan

dtaylor84 wrote: »

My point isn't that this is not a problem. My point is that this is the wrong problem to be worrying about.

1. It's not just Chrome -- people save their passwords in all browsers, and almost none of them will both know how to and be bothered to set a master password in them.

2. It's the wrong problem to worry about. If someone has managed to gain access to your computer to view your unencrypted passwords, they have sufficient access to install a keylogger and get all your passwords anyway.

3. It's entirely the wrong problem as most password compromises happen at the other end. Hackers don't attack a single computer and steal one user's passwords. They attack a company and steal passwords for the entire userbase. Hopefully, if the company is remotely competent, these will be hashed passwords, but well over 50% of passwords are so weak they can be easily guessed by a computer in minutes or hours.

If MSE want to champion computer security, it's certainly a worthwhile cause. But this article is (as usual) misleading and sensational.

I know what your point was. And a valid one it is too.

But you missed mine. If anyone, be that family, friends, or my childrens mates can view all my passwords via Googles advance settings page, thats just poor. And highly alarming too.

The MSE article is valid. And right to point it out too.

NewFolder

There are a lot of bad things people could do if you leave your computer unattended and unlocked. The easiest solution is to either lock the screen (windows logo key and L) or even better, save some battery life and/or electricity and put it into standby.

Most browsers have this feature and have done for years. It can be incredibly useful if you ever forget a password.

At least in chrome, it only reveals passwords individually. In Firefox, there's a big button which will reveal EVERY username and password you have saved in the browser, meaning someone could get your credentials for your email, facebook, internet banking, and any other accounts you have, instantly.

DJ_Mike

Thanks for the pointless anti-Chrome sentiment and driving people onto inferior browsers, MSE.