It seems Google doesn’t think you should trust users with their passwords. Google has started developing a new feature, the Chrome password generator. And it is a good point to consider. While the IT crowd is smart with their passwords, end users have proved over and over that they’ll choose convenience over security, regardless of the obvious consequences. So, perhaps they’re on to something here, and it might help you manage the end-users in your midsize business.
The Good and the Bad
Google’s long-term plan is to couple a “browser sign-in” feature, meaning you would sign in upon opening Chrome, with OpenID for Web pages. However, they’re aware that it will take time to get hosts to sign on, so they have another plan in the meantime. Google’s current project is to use heuristics to detect when you are on a page that allows you to register an account. When you begin the registering process, there will be an icon in the password field that you can click on, which will generate a random, strong password managed by the Password Manager, according to ZDNet.
The feature only works with Chrome, obviously, and only works with new passwords when you sign up for an account on a Web page. Google notes that they may, in the future, ask users to change their passwords with this feature, but fear it might only annoy some users. But wait, what if you need to use your password outside of Chrome? Google thought of that, apparently, and will establish a site to retrieve and “potentially export” your passwords.
Google isn’t discounting the flaws of this plan. As noted in their Chromium blog, the feature won’t work for sites that have auto-complete turned off. Because of that, Google notes that users won’t be protected against 40 to 70 percent of phishing pages. Google’s tentative idea to combat this is to have users log in to the browser again upon visiting a Web site like this. Google also notes that their storing users’ passwords to every applicable site will make them a higher-value target, but argue “that won’t change much” and therefore apparently believe they can handle it.
Benefits to Business
You can’t really deny that end-users are, in general, quite lazy with their passwords. They either choose ones that are ridiculously easy to remember, reuse passwords for different sites, or both. Indeed, a SplashData report confirmed that many users are still using painfully weak passwords, as discussed in a previous infoboom article. This, in turn puts your company’s network at risk. Any business-related information your end-users handle could be compromised if their passwords are stolen or cracked. Since it generally seems users will use easy-to-remember passwords no matter what you tell them, a feature like this has the potential to be well received. However, this is only a benefit if your midsize business uses Chrome or plans to switch. Although unlikely, if there isn’t much keeping you with your current browser other than maintaining consistency, this might be an argument to switch. That is debatable, as one major browser always seems to set the trend for others, depending on who comes out with said feature first.
That said, if other browsers do follow suit, you might reap the benefits of Google’s idea anyway. While it will require some polishing, and some users might rebel, something like the Chrome password generator might be the only way to handle end-user password safety, since there is little you can do short of assigning passwords yourselves. On the scale that Google will be doing it, this would likely take more time than it is worth for you when you could be focusing on more strategic IT issues.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.