TechSpot

Chrome draws criticism for storing passwords unprotected

By Scorpus
Aug 7, 2013
Post New Reply
  1. Something many people aren't aware of is the way web browsers store saved passwords locally, for the ease of signing in to accounts whenever you return to a webpage. While all browsers offer this functionality, Chrome has recently been criticized...

    Read more
     
  2. MrAnderson

    MrAnderson TS Maniac Posts: 488   +10

    Wow, I assumed that the passwords and other form autocomplete were being encrypted... but I never used them because I figured it would be simple implementation... I guess my caution was vindicated.
     
  3. How the **** didn't I noticed this???????!!!!!
     
  4. I would like to remind you guys (the commenters) that client side protection is NOT the browser's task.
     
    RenGood08 likes this.
  5. tookieboy

    tookieboy TS Rookie

    This. Is. Old. News. Has been like this for ages.

    If you actually follow through the claim link, you will see how inadequate your reply is.
    "So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account."

    Because you don't configure your browser enough, period.

    +1 Completely agree with you, hence KeePass :)
     
  6. Bigger question - why would you store password in the first place? Being lazy is not an excuse.
     
    RenGood08 and ypsylon like this.
  7. CyniqueDuMonde

    CyniqueDuMonde TS Rookie

    Justin Schuh's excuse that "this was planned" seems like a flimsy way to cover a screw-up. Hopefully they'll fix it as many users leave their machines logged-in while on coffee break. A malicious co-worker can nip into the cubicle and grab the entire treasure chest of passwords.

    Yeah, we should all encrypt all of our accounts and we should always log out even when we leave our workstations to grab some papers off the department printer. But come on. A browser should not offer so save passwords unless the its developers are willing to put a modicum of effort into protecting them. Scary.
     
    RenGood08 likes this.
  8. I'm surprised you could find your keyboard through all of that smug.
     
  9. I didn't realize a browser was anything other than a client-side application. I also wasn't aware a client-side application should not be responsible for the security of it's built-in client-side functions and operations.
     
  10. Why would you ever store passwords on your work computer?? Even if Chrome added another password anyone could still get any stored passwords from any browser. Chrome just doesn't bother with a faux layer of security.
     
  11. mario

    mario Ex-TS Developer Posts: 399   +17

    Well Mr. Justin Schuh apparently is a very lonely man, because I would be more afraid of crazy girlfriends or jealous wifes than real hackers.
     
    Jos likes this.
  12. MilwaukeeMike

    MilwaukeeMike TS Evangelist Posts: 2,750   +1,105

    'Not my job' isn't an excuse for incompetence. By showing all passwords someone could see quickly what common passwords that person uses and try them on other websites. Many people use the same few passwords for multiple sites. There's no reason the passwords couldn't be hidden.
     
  13. Jos

    Jos TechSpot Staff Posts: 2,709   +87

    mario exactly what I was thinking after reading Schuh's lame excuse. By the way, happy birthday man!
     
    mario likes this.
  14. Firefox is the same
     
  15. It's obvious they aren't covering up a "screw up" or a "security flaw." it's true, once someone has local access to your PC without your permission there are much worse things they can do than look at passwords. it's by design. local access to your personal account on your computer is your own responsibility IMHO..
     
    SantistaUSA likes this.
  16. tipstir

    tipstir TS Ambassador Posts: 2,392   +107

    That's for posting this, I've cleaned all the old accounts..
     
  17. gamoniac

    gamoniac TS Addict Posts: 293   +69

    What a lame excuse by Schuh. Just because someone can break into my house by kicking down the front door, it does not mean I should remove lock and make it easier for him/her.
     
  18. Camikazi

    Camikazi TS Maniac Posts: 817   +231

    I think this would be more like putting a lock on a glass cabinet in your house, once they are inside your house (locked or not) that lock on the glass cabinet does absolutely nothing to stop them. The lock and safe on your house door is what protects your cabinet from access.
     
  19. If I need passwords from local comp I will use SIW - no place to hide
     
  20. Kibaruk

    Kibaruk TechSpot Paladin Posts: 2,508   +498

    This is the only reason why I dont switch over to Chrome, Firefox built in password manager is awesome (You do have to set a master password firsts, obviously).
     
  21. Jad Chaar

    Jad Chaar TS Evangelist Posts: 6,477   +965

    I love Chrome and have been using it since 2008, but this has to be fixed.
     
    RenGood08 likes this.
  22. @RH00D:
    If someone has physical access to your computer without any kind of protection, it is your fault, not the browser's.
    Set up a software that is designed for this task, I am sure there are a few that ask for a confirming password before allowing access to the machine.
     
  23. What about public computers like at the library?
     
  24. Per Hansson

    Per Hansson TS Server Guru Posts: 1,929   +186

    Windows has had this feature for the last 20 years, you lock the computer before you leave it, takes 0.1 seconds.
    Just press the Windows key + L

    If you save your passwords on a computer in a public library I think there are some bigger issues to solve, and none involves software fixes.
     
    Scorpus likes this.
  25. I never store password on Chrome, Roboform is my homie! :D
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...