Google Chrome’s saved passwords can be easily hacked
Mozilla Firefox and Google Chrome are the most popular Internet Browsers with Chrome having a bit larger user base than Firefox. A few years ago, there was a huge migration of users from Firefox to other browsers when someone pointed out that the saved passwords could easily be hacked on Firefox. Now, it looks like it’s Chrome’s chance to face that fate.
It all started when Elliot Kember questioned Google’s security measures available on Chrome in his Blog. The simple demonstration he put up shows how easily a person with physical access to your Computer could access stored credentials including those of synced accounts.
The Login credentials you save on Google Chrome can be easily accessed by anyone with physical access to your computer, but hackers with the right tools can access computers which equals physical access. Kember showed that chrome://settings/passwords shows a page on Google Chrome which displays your saved Login credentials of various websites in decoded readable text form. You can also access this page by going into Options >> Personal Stuff >> Manage saved passwords.
Another question, Kember put up is why Google hadn’t been more public about it’s security decsisions in the past. Google Chrome’s Security Head, Justin Schuh responded on Kember’s Blog said that it doesn’t want “to provide users with a false sense of security and encourage risky behavior.” He also said that Google has “literally spent years” evaluating its security measures, giving it “quite a bit of data to inform our position.”
Mozilla Firefox recommends and facilitates for the usage of Master password for people using a Public Computer. This password is not displayed by default when a person searches for passwords. Internet Explorer and Safari also have the option to setup a system password. Ironically, the most popular Internet Browser – Google Chrome has a team that did not even consider that essential.
What can you do?
These are some things you can do to stay safe incase you use Google Chrome:-
1. To clear saved passwords, go to Tools >> Clear Browsing Data. Choose the beginning of time from the drop down and tick Clear saved passwords and the Clear Browsing Data.
2. To remove the notification asking you to save password when you login to a website, go to Options >> Personal Stuff and under Passwords select Never save passwords.
3. Switch to Firefox 23 – the latest update which brings a lot of features.
Stay safe, spread the news and leave your comments. (2)