Major password security flaw exposed in Chrome
People who use Google Chrome - and save their passwords in the browser - should be aware of a feature that critics are slamming as a major security flaw.
Security experts have found that the web browser stores passwords (saved by users) in an unencrypted format.
The browser will show a list of the websites whose logins you've saved in Chrome, with the hidden password beside each username. Just click the 'Show' button beside a blocked-out password to reveal the actual password.
So if anyone gets access to the computer, or if the right virus winds its way onto your laptop, the passwords can be easily exposed and then used maliciously.
While you may have created the most challenging password containing upper and lower-case characters, numbers and symbols, it could be useless.
The flaw was exposed by software developer Elliott Kember on his blog (see photo attached).
Since the "bug" got attention, it's prompted a response from Justin Schuh, who works on Chrome's security.
In a response written on Hacker News, he points out that saved passwords are only as secure as the password attached to the operating system of the computer in question.
So if you don't have a password to log into your Windows or Mac computer, you probably should start locking things down. Also, you should avoid lending your computer out to "friends," and don't leave your laptop open - even if you're just stepping away for a quick moment.
He goes on to write:
Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install a malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. My point is that once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.
Will you keep saving your passwords in Chrome? Are you tired of creating difficult passwords that are almost always easy to forget?
- Maurice Cacho, MSN Tech & Gadgets