Type in a very few words into Google Chrome browser – the market share leader in most surveys – and a full list of websites and their associated passwords displays on the screen.
Reported by UK software developer Elliot Kember, the phrase that unlocks the password display is: chrome://settings/passwords. Type that into the browser address bar and it reveals a list of saved passwords. Highlight a site and what's shown is the password in plain text.
Wrote Kember in his blog, “They [everyday users] don't expect it to be this easy to see their passwords. Every day, millions of normal, everyday users are saving their passwords in Chrome. This is not OK.”
In a test by a reporter, Chrome indeed displayed a lengthy line up of some two dozen saved passwords for sites ranging from Hootsuite to Twitter. Also included was the master login to a number of Google accounts including GMail,
Not included in the list were any financially related sites. No credit union, no bank, no PayPal, no credit card issuers.
UK newspaper The Guardian reported that the head of Google's Chrome team indicated there are no plans to change this system.
Many users are said to save their passwords by sending emails to themselves, so that their email box becomes a de facto password cache. Access the email and those passwords, theoretically, could be found.
To exploit Kember's vulnerability, a criminal would need to find an unattended computer, with Chrome installed. What would then be revealed are the passwords which the user elected to save in Chrome.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
