All about Google Chrome & Google Chrome OS

05 Feb 12 Google Chrome passwords can be seen by anyone who sits in your chair

With respect to your web browser, convenience should never come at the price of security. It’s simply not a point that’s up for discussion in 2012 — security must be the number one concern of any individual or group designing a web browser. Google certainly trumpets the security of Chrome often enough, but there’s one fairly glaring hole that needs to be addressed.

You see, anyone who can see your operating system’s desktop can also see your Chrome passwords.

This is an issue I’ve warned about before. When Google introduced multiple profile support in a recent stable release of Chrome, I mentioned that there is no password protection mechanism that prevents someone with a secondary profile from switching back to your own and flipping through stored form data or saved usernames and passwords.

The solution? Set up separate user accounts in your operating system and put a good, strong password on your own account. That provides a solid first line of defense, and it should be enough of a deterrent to keep people from accessing your passwords. If you’re already logged in, however, someone could simply sit down at your desk, launch Chrome, and head to the settings page and display your passwords. Granted, they’d have to click the display button for every password they want to look at, but it’s really not a very secure set-up.

A master password would certainly be a welcome addition, since it would allow you to close Chrome and go AFK secure in the knowledge that an interloper would have to know that password before Chrome would even start up.

There’s been quite a furore raised over this issue on the Chrome support forums, and it’ll be interesting to see how Google responds. If you’re looking for a fix right now, create an operating system password, lock your system when you’re away, and use a password manager like LastPass. That way your credentials are all stored in the cloud — not on your PC where someone could run a NirSoft app and easily steal them — and protected by a single master password of your choosing.

More at Chrome Forums
