In what many are calling a serious security flaw, saved passwords are stored in plain text in Google Chrome's Settings panel.
Anyone with access to the computer could access these saved passwords since the passwords themselves are not password-protected. The passwords appear as asterisks at first but all someone would need to do to see the password is click the "show" button next to the password. Once shown, the password can easily be copied from its plain text form. Any saved information, such as personal accounts or company login details, could be compromised if the computer got into the wrong hands.
The process to access the passwords is simple; it was created not to lull the user into a false sense of security and to simplify the user's experience. Justin Schuh, the head of Google Chrome's developer team said that he and his team are aware of the weakness and that there is no plan to change the system. Some say that not fixing this flaw will compromise Chrome's future; other browsers have used the same system in the past but many have moved to a master password system. One security manager at a publishing company said, "The fact you can view the passwords means they are stored in reversible form which means that the dark coders out there will be writing a Trojan to steal that password store as we speak." It doesn't take a hacker to utilize this flaw; anyone with a basic understanding of technology could copy and save the data if given the chance.
Anyone with access to the computer could access these saved passwords since the passwords themselves are not password-protected. The passwords appear as asterisks at first but all someone would need to do to see the password is click the "show" button next to the password. Once shown, the password can easily be copied from its plain text form. Any saved information, such as personal accounts or company login details, could be compromised if the computer got into the wrong hands.
The process to access the passwords is simple; it was created not to lull the user into a false sense of security and to simplify the user's experience. Justin Schuh, the head of Google Chrome's developer team said that he and his team are aware of the weakness and that there is no plan to change the system. Some say that not fixing this flaw will compromise Chrome's future; other browsers have used the same system in the past but many have moved to a master password system. One security manager at a publishing company said, "The fact you can view the passwords means they are stored in reversible form which means that the dark coders out there will be writing a Trojan to steal that password store as we speak." It doesn't take a hacker to utilize this flaw; anyone with a basic understanding of technology could copy and save the data if given the chance.
No comments:
Post a Comment