Finding passwords saved in Chrome is surprisingly easy

Most browsers will ask if you want your passwords saved so when you're next jumping around the web, logging into sites is that bit easier. Of course, you'd like think those passwords are squirreled away where no one can dig them up, but in Chrome they're pretty easy to find. As highlighted by software developer Elliott Kember recently, getting access to the list of saved passwords requires only that you point the browser at "chrome://settings/passwords" (or simply find the password management option in advanced settings) and click on one of the saved entries. A small "show" button will then appear next to the hidden password -- hit that and it'll be revealed.

Calling this a major security flaw, as some have, is obviously a tad sensationalistic. Nevertheless, recent attention has shown that making saved password access so simple is a concern for some. Several other browsers give users the option to protect that list with a master password, but Chrome does not -- even if you sign out of the browser, data linked to your Google account remains visible on that computer. Justin Schuh, Chrome security tech lead, has responded to internet chatter on the topic, saying that once past the OS login stage, someone can theoretically find your passwords and all manner of other browser info out anyway, using various underhand means. His statement isn't likely to calm those who'd like to see their passwords more secure, but perhaps the fact people are talking will force Google to consider some changes.

Update: This post has been edited with some additional context and commentary.

0 Comments

Finding passwords saved in Chrome is surprisingly easy, Google security lead sees no issue