We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

MSE News: Google Chrome warning: Be careful with online passwords

Options
"It's been revealed that online passwords are stored with little security on Google Chrome, so users should beware..."
Read the full story:

Google Chrome warning: Be careful with online passwords

OfficialStamp.gif


Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
«13

Comments

  • keyser666
    keyser666 Posts: 2,140 Forumite
    Hardly anything new?
  • dtaylor84
    dtaylor84 Posts: 648 Forumite
    Part of the Furniture Combo Breaker
    What a ridiculous article.

    Whilst Internet Explorer and Firefox may give the option of encrypting all your passwords using a "master password", I think you'll find (almost) no one bothers to set one! Where's the dire warning for users of those browsers to set the password?

    Ultimately, if the browser is able to send your password to the remote site without you having to type it (or another master password) then quite clearly your computer knows the password, and anyone with access to your computer can find it too!

    And given the (lack of) strength of passwords chosen by most users, storing them unencrypted on their own PC is the least of their worries.
  • VisionMan
    VisionMan Posts: 1,585 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    My passwords got hacked because of the above. And I didn't understand how. So my son said 'Did you save passwords in Chrome?' to which I replied I didn't know. So without using a password, he went into Chromes ' Advanced Settings' page and there they were, unprotected. They have since been deleted.

    And how many other non Chrome savvy users don't know this either? Because not everyones an expert, you know.
  • dtaylor84
    dtaylor84 Posts: 648 Forumite
    Part of the Furniture Combo Breaker
    My point isn't that this is not a problem. My point is that this is the wrong problem to be worrying about.

    1. It's not just Chrome -- people save their passwords in all browsers, and almost none of them will both know how to and be bothered to set a master password in them.

    2. It's the wrong problem to worry about. If someone has managed to gain access to your computer to view your unencrypted passwords, they have sufficient access to install a keylogger and get all your passwords anyway.

    3. It's entirely the wrong problem as most password compromises happen at the other end. Hackers don't attack a single computer and steal one user's passwords. They attack a company and steal passwords for the entire userbase. Hopefully, if the company is remotely competent, these will be hashed passwords, but well over 50% of passwords are so weak they can be easily guessed by a computer in minutes or hours.

    If MSE want to champion computer security, it's certainly a worthwhile cause. But this article is (as usual) misleading and sensational.
  • SewerSide
    SewerSide Posts: 126 Forumite
    Part of the Furniture 100 Posts
    Massively much more important is to use different passwords for every site. That way if one site gets hacked, they cant reuse your email and passwords on other sites.

    If you want to securely store passwords in Chrome (or other browsers), use an add-on such as Lastpass or Keepass. Lastpass in particular is very good at importing your passwords from your browser, helping you change them to more secure passwords, and making them accessible from any browser you use. (Keepass has a free Android app as well).
  • zagfles
    zagfles Posts: 21,381 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Chutzpah Haggler
    As I understand it IE will encrypt the stored passwords with the user's password as the key - so other users shouldn't be able to see them unless they know your password. Not sure about firefox.
  • zagfles
    zagfles Posts: 21,381 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Chutzpah Haggler
    SewerSide wrote: »
    Massively much more important is to use different passwords for every site. That way if one site gets hacked, they cant reuse your email and passwords on other sites.
    Definitely! Seem to remember there was some scam a few years ago along the lines of some website offering freebies, you just had to register with a username and password. They then tried that same username and password on all the internet banking sites :eek: and yes, some people were daft enough to use the same username/password!
  • VisionMan
    VisionMan Posts: 1,585 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Photogenic
    dtaylor84 wrote: »
    My point isn't that this is not a problem. My point is that this is the wrong problem to be worrying about.

    1. It's not just Chrome -- people save their passwords in all browsers, and almost none of them will both know how to and be bothered to set a master password in them.

    2. It's the wrong problem to worry about. If someone has managed to gain access to your computer to view your unencrypted passwords, they have sufficient access to install a keylogger and get all your passwords anyway.

    3. It's entirely the wrong problem as most password compromises happen at the other end. Hackers don't attack a single computer and steal one user's passwords. They attack a company and steal passwords for the entire userbase. Hopefully, if the company is remotely competent, these will be hashed passwords, but well over 50% of passwords are so weak they can be easily guessed by a computer in minutes or hours.

    If MSE want to champion computer security, it's certainly a worthwhile cause. But this article is (as usual) misleading and sensational.

    I know what your point was. And a valid one it is too.

    But you missed mine. If anyone, be that family, friends, or my childrens mates can view all my passwords via Googles advance settings page, thats just poor. And highly alarming too.

    The MSE article is valid. And right to point it out too.
  • NewFolder
    NewFolder Posts: 83 Forumite
    There are a lot of bad things people could do if you leave your computer unattended and unlocked. The easiest solution is to either lock the screen (windows logo key and L) or even better, save some battery life and/or electricity and put it into standby.

    Most browsers have this feature and have done for years. It can be incredibly useful if you ever forget a password.

    At least in chrome, it only reveals passwords individually. In Firefox, there's a big button which will reveal EVERY username and password you have saved in the browser, meaning someone could get your credentials for your email, facebook, internet banking, and any other accounts you have, instantly.
  • DJ_Mike
    DJ_Mike Posts: 250 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    Thanks for the pointless anti-Chrome sentiment and driving people onto inferior browsers, MSE.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.8K Banking & Borrowing
  • 253K Reduce Debt & Boost Income
  • 453.4K Spending & Discounts
  • 243.7K Work, Benefits & Business
  • 598.5K Mortgages, Homes & Bills
  • 176.8K Life & Family
  • 256.9K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.