Google Chrome’s Password Security is Absolutely Zero
Posted on 08/31/13
By Jehangir Khattak
Google’s Chrome may be one of the most popular browser in the world, but it may have another distinction too — It is one of the most vulnerable in terms of password security as well. Google acknowledges the huge security flaw but has no plans to rectify it, reports Charles Arthurin the British daily The Guardian.
The flaw, says Charles Arthur, offers unrestricted password access to anyone with access to user’s computer because plain text logon details for email, social networks and company systems are stored in the browser’s Settings panel.
Besides personal accounts, sensitive company login details would be compromised if someone who used Chrome left their computer unattended with the screen active.Seeing the passwords is achieved simply by clicking on the Settings icon, choosing “Show advanced settings…” and then “Manage saved passwords” in the “Passwords and forms” section. A list of obscured passwords is then revealed for sites – but clicking beside them reveals the plain text of the password, which could be copied, or sent via a screenshot to an outside site.But the head of Google’s Chrome developer team, Justin Schuh, said he was aware of the weakness and that there were no plans to change the system.
Chrome is one of the three most widely used web browsers in the world. Web designer Elliot Kember discoveredthe flaw while exploring the privacy settings of the Chrome.
According to Eric Lubbers, the Mobile Editor of The Denver Post, despite Chrome’s absolutely zero password security, there are still ways to secure the password information. In his blog, Eric identifiesfour precautions for personal information security on the Chrome. These include:
Make sure your computer is password locked at all times
Don’t let anyone use your computer. Ever.
Use an encrypted password manager like LastPass or 1Password
Turn off Chrome’s password manager
Online privacy and digital security has turned out to be the most hotly debated subject following disclosures by whistleblower Edward Snowden about National Security Agency’s massive “prism” surveillance program. It is this growing concern and public debate that lead to the announcement of a major reform of the program by President Barack Obama on August 9.
Some critics are calling the reforms as insufficient, yet many more are calling it as a step in the right direction. There is a near consensus on the importance of the program for the American national security in the Congress.
The online security debate has also brought business bonanza for some little known search engines such as DuckDuckGo. The main reason for the overnight popularity of this 20-person Philadelphia-based business offers what none of the big search engines do: zero tracking.
Charles Arthur in another recent article in The Guardian noted: “If the NSA demanded data from DuckDuckGo, there would be none to hand over.’
If Congress does nothing, then the law could become a vehicle for presidential abuse, especially because the act’s language seems to grant the president broad discretion that could insulate an emergency declaration from legal challenge. All eyes should be on Congress.