Extracting Your Passwords From Google Chrome Is As Easy As ABC
Took us five years to figure that out.
Now here’s something that you wouldn’t expect from the 1st class software. According to Elliott Kember, the software develoepr and director at Riot, Google does an absolutely horrible job at protecting your sensitive data.
As it turns out, extracting your Google Chrome passwords is so easy, it’s actually mind boggling. All you have to do is type chrome://settings/passwords in the URL bar and that’s it. There are no master passwords, security prompts or anything of that nature.
So who’s getting fired for that? Absolutely no one, as explained by one of the security leads working at Google, once they surpass the OS password (if there’s any set), you are out of luck.
We’ve also been repeatedly asked why we don’t just support a master password or something similar, even if we don’t believe it works. We’ve debated it over and over again, but the conclusion we always come to is that we don’t want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because in effect, that’s really what they get.
That’s just plain delirious.
[Via: Business Insider]
[Source: ElliotKember, Y Combinator]
About (Author Profile)
Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.
Subscribe
If you enjoyed this article, subscribe to receive more just like it.
That’s why I never save passwords in the browser.
Firefox has a master password like any other password manager.
He never mentioned something about FF, did he?
By the way, I disable that through lastpass plugin and things seems to be a little more secure
This is news? I’ve been getting at passwords I’ve forgotten like this forever.
Some people has no idea how to use their browsers beyond starting new tabs and using incognito *cough* porn *cough* mode …
I’d copy a guest post from another site (Techspot). While’ it isn’t my writing, I agree with it:
“It’s true, once someone has local access to your PC without your
permission there are much worse things they can do than look at
passwords. it’s by design. local access to your personal account on your
computer is your own responsibility IMHO..”
A new low for Vygantas …
Now I wonder why the hell did I subscribed to this site …