View all the saved passwords in Google Chrome

Google Chrome had a privilege for being the most secure browser available, but controversy has been raised this week about the way Chrome stores passwords.

A post published on the blog of designer Elliot Kember puts it out some potential risks in the management of passwords by Chrome, especially for those who share your computer with other users.

 

By typing “chrome://settings/passwords” into the address bar anyone using the computer can view all the saved passwords in google chrome, that machine by simply clicking the “show” box next to the blanked out words.

chrome-password-show

Here are the steps to literally learn anyone’s saved passwords (try it on your own computer if you don’t believe):

1) Ask your target if you can use their computer (or just find their unlocked computer at their desk, in a coffee shop, at school etc.)
2) Open Chrome and type chrome://settings/passwords into the address bar
3) You’ll see a list of websites with obscured passwords next to it. Click one of the passwords, then click the “Show” button.
4) That’s it. There’s nothing else to it. Everyone passwords are just sitting there in plain text, with no further prompts.

Google’s response:
Kember’s blog post got a response from the head of security for Chrome, and it seems that there aren’t any plans to plug this vulnerability, so it’s probably a good idea to get your passwords out of Chrome (and other browsers, because you can’t be too careful).

So dear readers, please follow the below steps:

1. Make sure your computer is password locked at all times
2. Don’t let anyone use your computer. Ever.
3. Use an encrypted password manager like LastPass or 1Password
4. Turn off Chrome’s password manager

 

Comments

comments

Comments are closed.