Are you a Google Chrome or a Firefox user? Do you have any of your passwords saved on the web browser? If so, you may be in great danger. You should immediately clean up your browser history and remove all those passwords. Read on to find out why.
Just recently, software developer Elliot Kember discovered an “insane” security flaw in the Google Chrome web browser, which eventually began to stir up panic and debate all over the Internet. Kember revealed this via a blog post. He showed that Chrome’s setting panel has a password page that enables users to show the saved passwords in text format. You can see this yourself by going over to chrome://settings/passwords . Later on it was discovered that Firefox follows this same method to store passwords as well.
Let’s say you go over to Facebook, enters your login details and when the browser ask you if you want to save the password, you hit yes. After doing all the FB stuff, you log out, thinking that nobody else will know your password. But thanks to Chrome’s password security flaw, anyone who gets access to your computer can easily get hold of your saved passwords as well.
Now, you may think Google will look into this and fix it. But, it’s never going to happen.
“The only strong permission boundary for your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we’ve found that boundaries within the OS user account just aren’t reliable, and are mostly just theater.” Chrome security head Justin Schuh explained in a post on Hacker News.
Looks like it’s all up to you to save yourself from the apocalypse. Cnet discussed some of the steps you can follow to protect your passwords like not letting anyone access your OS account or installing plugins to save passwords. But, personally I think it’s best for you to wipe your browser clean for good, like I did because you never know when someone may access your computer, or who knows when you could get hacked.
So, this is what you should do – Go to chrome://settings/clearBrowserData and tick all those check boxes including “Clear saved passwords” and hit clear browsing data. Firefox users can do this on the “Clear history” page. Now you will have a clean browser, no need to be afraid of password leaks. However, you should avoid storing up passwords on your browser from now on. Keep those passwords stored only in your head or write them down in your diary or something.
If you have too many passwords to remember.. well, you need to get a life. If that’s not an option, you can try out a password manager like KeePass which is free and generates passwords to store them locally with encryption.
(All the images, trademarks, logo’s shown on this post are the property of their respective owners)
Roshan Jerad Perera
