Programmers slam Google for Chrome's 'insane password security'

Users' login details and passwords are easy to find in plain text, all it takes is access to someone's browser

Google is facing widespread criticism from technology bloggers over the password storage system used in its Chrome browser.

Simply typing “chrome://settings/passwords” into the browser’s address box reveals a comprehensive list of the user’s login details, with any computer user able to click a ‘show’ button to reveal the hidden passwords.

This does not mean that the passwords are stored on the hard drive in plain text, but that they can be made visible in plain text to anyone with access to the user’s computer.

Any individual who can enter a user’s computer log-in (which could be as easy as finding the computer when left unattended) would then be able to copy somebody’s login details for all of their online accounts.

The flaw was discovered by UK-based software developer Elliott Kember, who detailed the process on his blog. Kember’s criticisms draw attention to the differences between how Google markets its browser to developers and how it markets it to a wider, less tech-aware audience:

“In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers,” says Kember. “It’s the mass market - the users. The overwhelming majority. They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay.”

The story has attracted a lot of attention, with Sir Tim Berners-Lee, the British computer scientist known for his integral role in inventing the internet, saying:

Google responded in kind after the story was posted on social news site Hacker News with Chrome security engineer Justin Schuh commenting: “I appreciate how this appears to a novice, but we've literally spent years evaluating it and have quite a bit of data to inform our position.

"And while you're certainly well intentioned, what you're proposing is that that we make users less safe than they are today by providing them a false sense of security and encouraging dangerous behavior."

“You don't seem to understand the threat model here. You think your passwords are protected somehow in other applications, but they're simply not."

A feature or a flaw?

Other comments on the Hacker News comment thread reveal the divided reaction amongst the tech community. Some users point out that passwords are always going to be fairly insecure, and that to think otherwise is naïve.

Others counter that passwords just shouldn’t be so easily accessed by someone without any technical knowledge, and that Google could offer more security – such as a master password that needs to be entered before other login details are shown.

Speaking to The Independent, Kember commented: "I think they [Google] are taking crazy pills. They seem to be out of touch with how real users are using computers every day. Google's go-to argument is that users "should" lock their computers constantly, and use separate user accounts for each user.

"But that's not the way people are using computers. Even if it were, it's no excuse to bring all my passwords to one place and reveal them. I don't expect computers to work that way - nobody does."

One solution to the problem is to set a 'master key' that needs to be entered before viewing all your passwords. This comes as default in Internet Explorer and can be turned on in Firefox from the 'security' tab. Users looking for extra peace of mind might also look into third-party software such as LastPass or 1Password.

News
Jacqueline Bisset has claimed that young women today are obsessed with being 'hot', rather than 'charming', 'romantic' or 'beautiful'
people
Arts and Entertainment
Lena Dunham
booksLena Dunham's memoirs - written at the age of 28 - are honest to the point of making you squirm
Arts and Entertainment
A bit rich: Maggie Smith in Downton Abbey
tvDownton Abbey review: It's six months since we last caught up with the Crawley clan
Sport
Frank Lampard and his non-celebration
premier leagueManchester City vs Chelsea match report from the Etihad Stadium
PROMOTED VIDEO
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
News
people
Life and Style
A new app has been launched that enables people to have a cuddle from a stranger
techNew app offers 'PG alternative' to dating services like Tinder
Sport
Greg Dyke insists he will not resign as Football Association chairman after receiving a watch worth more than £16,000 but has called for an end to the culture of gifts being given to football officials
football
Arts and Entertainment
Jake Quickenden sings his heart out in his second audition
tvX Factor: How did the Jakes - and Charlie Martinez - fare?
Sport
premier league
Arts and Entertainment
'New Tricks' star Dennis Waterman is departing from the show after he completes filming on two more episodes
tvOnly remaining original cast-member to leave crime series
Sport
Mario Balotelli celebrates his first Liverpool goal
premier leagueLiverpool striker expressed his opinion about the 5-3 thriller with Leicester - then this happened
News
Britain's shadow chancellor Ed Balls (L) challenges reporter Rob Merrick for the ball during the Labour Party versus the media soccer match,
peopleReporter left bleeding after tackle from shadow Chancellor in annual political football match
Arts and Entertainment
Female fans want more explicit male sex in Game of Thrones, George R R Martin says
tvSpoiler warning: Star of George RR Martin's hit series says viewers have 'not seen the last' of him/her
News
i100
News
i100
Sport
Plenty to ponder: Amir Khan has had repeated problems with US immigration because of his Muslim faith and now American television may shun him
boxing
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Graduate BI Consultant (Business Intelligence) - London

    £24000 - £30000 per annum + benefits: Ashdown Group: Graduate BI Consultant (B...

    Service Delivery Manager (Product Manager, Test and Deployment)

    £40000 - £55000 per annum: Ashdown Group: Service Delivery Manager (Product Ma...

    Technical Product Marketing Specialist - London - £70,000

    £50000 - £70000 per annum: Ashdown Group: Cloud Product and Solutions Marketin...

    Trainee Helpdesk Analyst / 1st Line Application Support Analyst

    £18000 per annum: Ashdown Group: An established and growing IT Consultancy fir...

    Day In a Page

    A roller-coaster tale from the 'voice of a generation'

    Not That Kind of Girl:

    A roller-coaster tale from 'voice of a generation' Lena Dunham
    London is not bedlam or a cradle of vice. In fact it, as much as anywhere, deserves independence

    London is not bedlam or a cradle of vice

    In fact it, as much as anywhere, deserves independence
    Vivienne Westwood 'didn’t want' relationship with Malcolm McLaren

    Vivienne Westwood 'didn’t want' relationship with McLaren

    Designer 'felt pressured' into going out with Sex Pistols manager
    Jourdan Dunn: Model mother

    Model mother

    Jordan Dunn became one of the best-paid models in the world
    Apple still coolest brand – despite U2 PR disaster

    Apple still the coolest brand

    Despite PR disaster of free U2 album
    Scottish referendum: The Yes vote was the love that dared speak its name, but it was not to be

    Despite the result, this is the end of the status quo

    Boyd Tonkin on the fall-out from the Scottish referendum
    Manolo Blahnik: The high priest of heels talks flats, Englishness, and why he loves Mary Beard

    Manolo Blahnik: Flats, Englishness, and Mary Beard

    The shoe designer who has been dubbed 'the patron saint of the stiletto'
    The Beatles biographer reveals exclusive original manuscripts of some of the best pop songs ever written

    Scrambled eggs and LSD

    Behind The Beatles' lyrics - thanks to Hunter Davis's original manuscript copies
    'Normcore' fashion: Blending in is the new standing out in latest catwalk non-trend

    'Normcore': Blending in is the new standing out

    Just when fashion was in grave danger of running out of trends, it only went and invented the non-trend. Rebecca Gonsalves investigates
    Dance’s new leading ladies fight back: How female vocalists are now writing their own hits

    New leading ladies of dance fight back

    How female vocalists are now writing their own hits
    Mystery of the Ground Zero wedding photo

    A shot in the dark

    Mystery of the wedding photo from Ground Zero
    His life, the universe and everything

    His life, the universe and everything

    New biography sheds light on comic genius of Douglas Adams
    Save us from small screen superheroes

    Save us from small screen superheroes

    Shows like Agents of S.H.I.E.L.D are little more than marketing tools
    Reach for the skies

    Reach for the skies

    From pools to football pitches, rooftop living is looking up
    These are the 12 best hotel spas in the UK

    12 best hotel spas in the UK

    Some hotels go all out on facilities; others stand out for the sheer quality of treatments