The Realm of the Verbal Processor

Jarvis's Ramblings

Trust Google? No Thanks.

Here’s another example of why I simply don’t trust Google. The issue is that it is trivial to view the passwords saved in Chrome or Firefox…just open up chrome://settings/passwords and click the “Show” button. ZDNet has a good writeup here. Chrome doesn’t even have an option for protecting those saved passwords behind a master password…Firefox does, but it isn’t enabled by default. (Personally I use Internet Explorer which does require you to enter the logged on user’s password to view the saved passwords.) While this issue has existed in Chrome (and Firefox) for a while, it has recently gotten some public exposure.

What is really comical and sad is the excuse given by the “Chrome browser security tech lead” who stated that the only security that matters is the OS password…that a master password protecting the saved password cache is a “false sense of security”. While I agree that the OS password is the most important security step…it should not be the ONLY step. It seems that the only security breach they are concerned about is the malicious attacker…and seem to care less about giving away the farm to opportunistic or mischievous family/friends/co-workers. Just because I either intentionally or accidentally left my computer logged in and not locked should not give someone unfettered access to all my saved passwords…someone who just happens to be in my house or near my computer. The rest of the comments on that thread are also pretty entertaining. Dude got ripped pretty hard for his original post…then responded with what came across as an arrogant “we know better than you” response that certainly didn’t gain him any friends or allay any of the concerns people addressed in the thread. He just doesn’t appear to “get it” that this is a real problem for regular users.

About these ads

August 8, 2013 - Posted by | Security

1 Comment »

  1. This is just a dumb oversight, if you ask me.

    I looked around and could find no extensions to hide or otherwise obfuscate this information.

    Comment by FoxDeploy | September 5, 2013


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 33 other followers