TECH

Google Chrome Saved Password Security Called Into Question

08/08/2013 11:34 BST

Veiwing this using Chrome? You might want to switch to Safari or Firefox after reading this.

Software developer, Elliott Kember, has called into question the security of the method google uses to store passwords.

By typing "chrome://settings/passwords" into the address bar anyone using the computer can view all the saved passwords on that machine by simply clicking the "show" box next to the blanked out words.

google chrome

In a statement on Ycombinator, Chrome browser security tech lead Justin Schuh, said:

Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. My point is that once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.

We've also been repeatedly asked why we don't just support a master password or something similar, even if we don't believe it works. We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because in effect, that's really what they get.

Kember claims this is not satisfactory as Google is not clear about security and weights its decisions on the premise most of Chrome's users are developers not the mass market.

Such users are often unaware of master passwords or how easy it is for someone using your computer to see your passwords.

Other browsers recommend the use of a master password (Firefox) or request a system password for authentication (Safari, Internet Explorer).

So why doesn't Google?

Even the inventor of the internet, Sir Tim Berners-Lee had something to say on the matter...