It seems that there might be a bit of an issue with password management inside the popular Chrome browser. The issue was discovered by Elliott Kember who promptly posted this in his blog along with a how to guide to replicate this. In short, passwords are viewable in plain text by anyone who has access to the computer. That is a complete #FAIL if I have ever seen one.
But the story doesn’t end there.
This started a back and forth between Kember and Justin Schuh, the head of Chrome security, not to mention a few other people. The bottom line: As far as Schuh is concerned, Kember is wrong and that this behavior of Chrome has been evaluated for years and is not going to change.
Now I can look at this in a couple of ways:
- The fact that Chrome stores passwords in a form that any user can see is nuts. Firefox at least has a master password that can keep this sort of info out of the hands of someone with access to the computer.
- The flip side to the above is that you shouldn’t be storing passwords inside the browser as it is potentially no better then writing it down on a sticky note and posting it on your monitor. Sooner or later something or someone is going to access it and then go nuts at your expense.
So I ask you, is this an issue or not? Share your opinion by posting a comment below.
Related
This entry was posted on August 7, 2013 at 4:07 pm and is filed under Commentary with tags Chrome, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Chrome Stores Passwords In Clear Text…. Is This An Issue?
It seems that there might be a bit of an issue with password management inside the popular Chrome browser. The issue was discovered by Elliott Kember who promptly posted this in his blog along with a how to guide to replicate this. In short, passwords are viewable in plain text by anyone who has access to the computer. That is a complete #FAIL if I have ever seen one.
But the story doesn’t end there.
This started a back and forth between Kember and Justin Schuh, the head of Chrome security, not to mention a few other people. The bottom line: As far as Schuh is concerned, Kember is wrong and that this behavior of Chrome has been evaluated for years and is not going to change.
Now I can look at this in a couple of ways:
So I ask you, is this an issue or not? Share your opinion by posting a comment below.
Share this:
Like this:
Related
This entry was posted on August 7, 2013 at 4:07 pm and is filed under Commentary with tags Chrome, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.