Poor design decision in Chrome makes it easy to steal passwords

Chrome password feature

The browser market is one the most competitive landscapes in the tech industry with Google, Microsoft, Firefox and Apple all pushing their respective products. While Microsoft has been running media campaigns for Internet Explorer to help reshape its image and Firefox has also been doing a bit of new marketing for its platforms as well, the market is fiercely competitive with IE keeping the market share crown, for now.

Chrome, on the other hand, has been running advertisements but not nearly as aggressively as Microsoft, but thanks to a new and somewhat serious design decision, Google will need to find a way to avoid the impending black eye from security researches and the general public.

While some are calling this a ‘flaw’ of Google Chrome, which would This is a poor design decision that was intentionally put in place indicate that this was an unintentional issue, the fact is, the process to uncover the passwords, which are viewed in plain text, is a poor design decision that was intentionally put in place. The easily accessible plain-text passwords can allow anyone using your machine to lift your confidential data in seconds, if they know what they are doing.

To access the plain-text passwords in Chrome, click settings -> show advanced settings -> manage saved passwords -> then you click “show password” next to each item to reveal the individual password for that account. As noted, by performing this process, it’s clearly a feature of Chrome, albeit, if someone uses your personal machine and knows this trick, they can easily steal your passwords.

Google has indicated to the Guardian that it has no plans to lock down this feature.

If you are using Firefox, that browser has a very similar feature Firefox has a similar issue that presents your passwords in plan text but does provide the option of putting a master-password on your account to prevent such nefarious activities. But, as Frank Becker pointed out on Twitter, that feature is unchecked by default, so Firefox has nearly the same issue as Chrome.

Suffice to say, letting anyone use your machine if you use these browsers should be done so with caution, as it only takes a few clicks to steal your sensitive information. If there is enough backlash, we suspect Chrome and Firefox will eventually force the master password feature to protect the end user but as it stands now, it’s quite easy to steal the sensitive information from both Chrome and Firefox users.

Via: Guardian

Report a problem with article
Previous Story

Amazon offers digital downloads for UK customers

Next Story

Crossbar: RRAM will have twice the density of NAND for the same cost

80 Comments - Add comment