Programmers slam Google for Chrome's 'insane password security'

Users' login details and passwords are easy to find in plain text; all it takes is access to someone's browser

Google is facing widespread criticism from technology bloggers over the password storage system used in its Chrome browser.

Simply typing “chrome://settings/passwords” into the browser’s address box reveals a comprehensive list of the user’s login details, with any computer user able to click a ‘show’ button to reveal the hidden passwords.

This does not mean that the passwords are stored on the hard drive in plain text, but that they can be made visible in plain text to anyone with access to the user’s computer.

Anyone who can get past a user’s computer log-in (which could be as easy as finding the computer when it is left unattended) would then be able to copy that person’s login details for all of their online accounts.

The flaw was discovered by UK-based software developer Elliott Kember, who detailed the process on his blog. Kember’s criticisms draw attention to the differences between how Google markets its browser to developers and how it markets it to a wider, less tech-aware audience:

“In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers,” says Kember. “It’s the mass market - the users. The overwhelming majority. They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay.”

The story has attracted a lot of attention, with Sir Tim Berners-Lee, the British computer scientist known for his integral role in inventing the internet, saying:

Google responded in kind after the story was posted on social news site Hacker News, with Chrome security engineer Justin Schuh commenting: “I appreciate how this appears to a novice, but we've literally spent years evaluating it and have quite a bit of data to inform our position.

“And while you're certainly well intentioned, what you're proposing is that we make users less safe than they are today by providing them a false sense of security and encouraging dangerous behavior.”

“You don't seem to understand the threat model here. You think your passwords are protected somehow in other applications, but they're simply not.”

A feature or a flaw?

Other comments on the Hacker News comment thread reveal the divided reaction amongst the tech community. Some users point out that passwords are always going to be fairly insecure, and that to think otherwise is naïve.

Others counter that passwords just shouldn’t be so easily accessed by someone without any technical knowledge, and that Google could offer more security – such as a master password that needs to be entered before other login details are shown.

Speaking to The Independent, Kember commented: "I think they [Google] are taking crazy pills. They seem to be out of touch with how real users are using computers every day. Google's go-to argument is that users 'should' lock their computers constantly, and use separate user accounts for each user.

"But that's not the way people are using computers. Even if it were, it's no excuse to bring all my passwords to one place and reveal them. I don't expect computers to work that way - nobody does."

One solution to the problem is to set a 'master key' that needs to be entered before viewing all your passwords. This comes as default in Internet Explorer and can be turned on in Firefox from the 'security' tab. Users looking for extra peace of mind might also look into third-party software such as LastPass or 1Password.
