Programmers slam Google for Chrome's 'insane password security'

Users' login details and passwords are easy to find in plain text, all it takes is access to someone's browser

Google is facing widespread criticism from technology bloggers over the password storage system used in its Chrome browser.

Simply typing “chrome://settings/passwords” into the browser’s address box reveals a comprehensive list of the user’s login details, with any computer user able to click a ‘show’ button to reveal the hidden passwords.

This does not mean that the passwords are stored on the hard drive in plain text, but that they can be made visible in plain text to anyone with access to the user’s computer.

Any individual who can enter a user’s computer log-in (which could be as easy as finding the computer when left unattended) would then be able to copy somebody’s login details for all of their online accounts.

The flaw was discovered by UK-based software developer Elliott Kember, who detailed the process on his blog. Kember’s criticisms draw attention to the differences between how Google markets its browser to developers and how it markets it to a wider, less tech-aware audience:

“In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers,” says Kember. “It’s the mass market - the users. The overwhelming majority. They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay.”

The story has attracted a lot of attention, with Sir Tim Berners-Lee, the British computer scientist known for his integral role in inventing the internet, saying:

Google responded in kind after the story was posted on social news site Hacker News with Chrome security engineer Justin Schuh commenting: “I appreciate how this appears to a novice, but we've literally spent years evaluating it and have quite a bit of data to inform our position.

"And while you're certainly well intentioned, what you're proposing is that that we make users less safe than they are today by providing them a false sense of security and encouraging dangerous behavior."

“You don't seem to understand the threat model here. You think your passwords are protected somehow in other applications, but they're simply not."

A feature or a flaw?

Other comments on the Hacker News comment thread reveal the divided reaction amongst the tech community. Some users point out that passwords are always going to be fairly insecure, and that to think otherwise is naïve.

Others counter that passwords just shouldn’t be so easily accessed by someone without any technical knowledge, and that Google could offer more security – such as a master password that needs to be entered before other login details are shown.

Speaking to The Independent, Kember commented: "I think they [Google] are taking crazy pills. They seem to be out of touch with how real users are using computers every day. Google's go-to argument is that users "should" lock their computers constantly, and use separate user accounts for each user.

"But that's not the way people are using computers. Even if it were, it's no excuse to bring all my passwords to one place and reveal them. I don't expect computers to work that way - nobody does."

One solution to the problem is to set a 'master key' that needs to be entered before viewing all your passwords. This comes as default in Internet Explorer and can be turned on in Firefox from the 'security' tab. Users looking for extra peace of mind might also look into third-party software such as LastPass or 1Password.

PROMOTED VIDEO
Life and Style
ebookNow available in paperback
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
Rebel, rebel: Vivienne Westwood in her baroque-influenced early-Nineties designs
fashionWhy we mustn't take Dame Vivienne Westwood for granted
News
The police have been criticised in a raid on the luxury home of Sir Cliff Richard
people
News
news
Arts and Entertainment
tvStrictly presenter returns to screens after Halloween accident
News
Boxing promoter Kellie Maloney, formerly known as Frank Maloney, entered the 2014 Celebrity Big Brother house
people
Sport
Dwight Gayle (left) celebrates making it 1-1 with Crystal Palace captain Mile Jedinak
premier leagueReds falter to humbling defeat
Sport
Harry Kane
premier leagueLive minute-by-minute coverage
Arts and Entertainment
Morgana Robinson
arts + entsIt is not easy interviewing Morgana Robinson. Here's why...
News
video
Arts and Entertainment
Damien Hirst
artCoalition's anti-culture policy and cuts in local authority spending to blame, says academic
Arts and Entertainment
Jerry Hall (Hand out press photograph provided by jackstanley@theambassadors.com)
theatre
Arts and Entertainment
tv
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Senior Project Manager

    £45000 - £65000 per annum: Recruitment Genius: This is a fantastic opportunity...

    Recruitment Genius: Customer Service Executive

    £20000 per annum: Recruitment Genius: A Customer Service Executive is required...

    Ashdown Group: Junior SQL DBA - London - £39,000

    £37000 - £39000 per annum + benefits: Ashdown Group: SQL Database Administrato...

    Recruitment Genius: PHP Developer

    £26000 - £32000 per annum: Recruitment Genius: Expanding creative studio requi...

    Day In a Page

    Mau Mau uprising: Kenyans still waiting for justice join class action over Britain's role in the emergency

    Kenyans still waiting for justice over Mau Mau uprising

    Thousands join class action over Britain's role in the emergency
    Isis in Iraq: The trauma of the last six months has overwhelmed the remaining Christians in the country

    The last Christians in Iraq

    After 2,000 years, a community will try anything – including pretending to convert to Islam – to avoid losing everything, says Patrick Cockburn
    Black Friday: Helpful discounts for Christmas shoppers, or cynical marketing by desperate retailers?

    Helpful discounts for Christmas shoppers, or cynical marketing by desperate retailers?

    Britain braced for Black Friday
    Bill Cosby's persona goes from America's dad to date-rape drugs

    From America's dad to date-rape drugs

    Stories of Bill Cosby's alleged sexual assaults may have circulated widely in Hollywood, but they came as a shock to fans, says Rupert Cornwell
    Clare Balding: 'Women's sport is kicking off at last'

    Clare Balding: 'Women's sport is kicking off at last'

    As fans flock to see England women's Wembley debut against Germany, the TV presenter on an exciting 'sea change'
    Oh come, all ye multi-faithful: The Christmas jumper is in fashion, but should you wear your religion on your sleeve?

    Oh come, all ye multi-faithful

    The Christmas jumper is in fashion, but should you wear your religion on your sleeve?
    Dr Charles Heatley: The GP off to do battle in the war against Ebola

    The GP off to do battle in the war against Ebola

    Dr Charles Heatley on joining the NHS volunteers' team bound for Sierra Leone
    Flogging vlogging: First video bloggers conquered YouTube. Now they want us to buy their books

    Flogging vlogging

    First video bloggers conquered YouTube. Now they want us to buy their books
    Saturday Night Live vs The Daily Show: US channels wage comedy star wars

    Saturday Night Live vs The Daily Show

    US channels wage comedy star wars
    When is a wine made in Piedmont not a Piemonte wine? When EU rules make Italian vineyards invisible

    When is a wine made in Piedmont not a Piemonte wine?

    When EU rules make Italian vineyards invisible
    Look what's mushrooming now! Meat-free recipes and food scandals help one growing sector

    Look what's mushrooming now!

    Meat-free recipes and food scandals help one growing sector
    Neil Findlay is more a pink shrimp than a red firebrand

    More a pink shrimp than a red firebrand

    The vilification of the potential Scottish Labour leader Neil Findlay shows how one-note politics is today, says DJ Taylor
    Bill Granger recipes: Tenderstem broccoli omelette; Fried eggs with Mexican-style tomato and chilli sauce; Pan-fried cavolo nero with soft-boiled egg

    Oeuf quake

    Bill Granger's cracking egg recipes
    Terry Venables: Wayne Rooney is roaring again and the world knows that England are back

    Terry Venables column

    Wayne Rooney is roaring again and the world knows that England are back
    Michael Calvin: Abject leadership is allowing football’s age-old sores to fester

    Abject leadership is allowing football’s age-old sores to fester

    Those at the top are allowing the same issues to go unchallenged, says Michael Calvin