Your chrome passwords for all to see

this_is_gav said:
Fact. If you leave your key in the ignition and vacate the car, someone has the ability to turn said key and drive off.



Given the fact that he's only just exporting from Safari now suggests that "software engineer" translates loosely as "user of a computer".
Click to expand...

I like you.
 
Surely people only use the 'Remember Password' feature to remember passwords for pointless sites (like forums), where you should never use the same type of password as for more important things like banking, email, etc.

I think this 'exploit' only leaves my OcUk account and a few other forums vulnerable - quick to the internets!!
 
As the OP I just thought it would be interesting for discussion,

Having not used IE or Firefox for many years i was not aware they are all the same. I am surprised that they all allow you to view the passwords in plain text,

I do agree it is a bit of a non story and it seems poor to specifically target the article at chrome
 
Meh.

Settings_-_Passwords-20130807-203300.jpg
 
it's the same for thunderbird and firefox..
well not exactly but you can see your passwords instead of asterisks.
how is it a flaw? don't let people on your comp you don't trust without supervision....
I have always found it a useful feature for when I forgot a password and it's useful for exporting passwords if you do a fresh install as theres an app for migrating thunderbird/firefox passwords and profiles

was it IE that used to save form information including your credit card number if you ever inputted it into a website :rolleyes:
now that is a flaw

It's like saying letting people into your house is a flaw because they might rob you... just don;t let people in you don't trust and stop trying to make a big deal out of a non story
 
Last edited:
It shouldn't really store passwords in clear text and allow you to view them though, that's just basic security stuff and there's no need for it.
 
Just to clarify, is this storing passwords that you have clicked 'yes store this' or ANY password that you have entered and not told it to save?
 
Macro said:
It shouldn't really store passwords in clear text and allow you to view them though, that's just basic security stuff and there's no need for it.
Click to expand...

How else is it going to pass the password through to the webpage though?

At some level there will need to be a plaintext password inserted into the relevant webpage. Sure they could save it in a less obvious place and store it encrypted, but what's the point when the decryption key would also need to be stored locally, and you could just go the site with the saved password and intercept the password when it's inserted into the field?

I guess a marginal solution could be to have the password file encrypted and you need to enter a password to decrypt it every time you launch your browser...
 
Web browsers have been storing passwords like this since IE4 first added the feature. It's really not news.

Password details used for any kind of "auto complete" feature have to be stored somewhere in reversible format. Sure encryption *could* be used, but that would be reversible still. Chrome has adopted the policy of "well, if we don't display them in clear text then somebody will just write a tool that extracts them from the database in clear text anyway". Which makes perfect sense.
 
Jesus non news story.. How else did anyone think it would store passwords if you checked save...

Are the media really picking up on this..? User error as usual.
 
I'm kind of surprised that it doesn't at least have a similar thing as Firefox where you can set a master password which is required to access the list of stored passwords.
 
memyselfandi said:
I'm kind of surprised that it doesn't at least have a similar thing as Firefox where you can set a master password which is required to access the list of stored passwords.
Click to expand...

People who know enough to feel that they need that kind of security will install an extension (such as LastPass) which allows that. People who don't know and don't care would just write the master password on a post it and stick it to the screen anyway.

Don't save passwords unless your machine is secure by default. How difficult is that? The issue here is people who fail to understand how to keep themselves secure online.
 
AJK said:
People who know enough to feel that they need that kind of security will install an extension (such as LastPass) which allows that. People who don't know and don't care would just write the master password on a post it and stick it to the screen anyway.

Don't save passwords unless your machine is secure by default. How difficult is that? The issue here is people who fail to understand how to keep themselves secure online.
Click to expand...

Ha, I thought about starting to use LastPass once ... it was May 2011, then within a week they had their own security compromise issue which put me off using them personally.

I know quite a few people who have a master password set in Firefox ... none of them have it written on a postit. It isn't a case of it making things super secure ... it's for stopping the opportunist "mate" who wants to do something stupid to your Facebook ...

Anything that truly important, like online banking, is saved in one place ... between my ears ....
 
I've actually forgotten my lastpass master password in the past and had to redo about 30 accounts, but I'd rather have a hideously hard password (which mine is) than use weaker passwords for some of the sites. The recent Uplay issues weren't a problem for me as I always used unique passwords now, generated by lastpass.

Still tempted to move to Keepass, but we'll see :P
 
You must log in or register to reply here.
Back
Top Bottom