It's the conundrum that all web browser users have to deal with; creating passwords for certain web sites they visit and then remembering them all. Some choose to use just one password for all of their sites but that, of course, can be a big security risk. Others use simple passwords but that, too, poses its own problems.
Now Google is working on a way for users of its Chrome web browser to have their web password cake and eat it, too. In a post on its Chromium web site, Google describes how it would randomly generate a strong password when it comes into contact with a web sign up page.
The proposal is to offer Chrome users a prompt when they reach a sign up page, asking them if Chrome can create a password and store it in the password manager. It adds:
If they accept the prompt then we pop up a small box which is prepopulated with what we think is an acceptable random password. The reason we don't just choose a password for them is that many sites have requirements (e.g. must have one digit, must be alphanumeric, must be between 6 and 20 characters) some of which may be contradictory between sites. So we will choose a default generator that will work on most sites, but users may need to change our password if it doesn't work.
While there are a lot of advantages to this approach, there are also dangers. For example, someone who manages to break into a user's Chrome account could be able to see all of the stored passwords. If that happens, Google claims it might be possible "to automatically change all of a user's passwords when we realize that their account is hijacked."
There's no word on when this new password generator will be added to Chrome.
Image via Google
26 Comments - Add comment