16 August 2013

All saved passwords in Google Chrome vulnerable

Users of the popular web browser Google Chrome are warned that passwords (saved by the browser) are not secured properly, leading to any other user being able to view all passwords that you have saved.

Chrome will typically prompt you to save your password for a site that you visit, and remember this for future logins. While other browsers offer the option of a “master password” that can be activated to protect your passwords, Chrome does not.

On any Google Chrome browser, you can type chrome://settings/passwords into the URL bar. This will display a page listing all of the passwords held by that browser—for all users of that computer.

This is particularly concerning for shared computers. You should never save your passwords when using shared computers, such as public computers at a library or airport.

Do not rely on your browser to safely store passwords for you if someone else has physical access to that machine.

Only allow people you trust to access your computer, especially if that computer contains confidential information.

Protecting your passwords

You are advised to either:

  • avoid storing passwords in the Google Chrome browser
  • ensure you lock your computer when you’re not using it, or
  • use a third-party tool to manage your passwords.

More information

Different browsers each have different approaches to password management. Firefox allows you to set a master password. By default, this is turned off, allowing anyone to view passwords stored by the browser.

To activate your master password go to:

Tools > Options > Security Tab

Safari users need to enter a system password to view their password list, while Internet Explorer does not have an option to view passwords in this way.

Stay Smart Online has information on choosing strong passwords.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.

Information provided by the Internet Commerce Security Laboratory, www.icsl.com.au

Connect with Stay Smart Online