Programmers slam Google for Chrome's 'insane password security'

Users' login details and passwords are easy to find in plain text, all it takes is access to someone's browser

Google is facing widespread criticism from technology bloggers over the password storage system used in its Chrome browser.

Simply typing “chrome://settings/passwords” into the browser’s address box reveals a comprehensive list of the user’s login details, with any computer user able to click a ‘show’ button to reveal the hidden passwords.

This does not mean that the passwords are stored on the hard drive in plain text, but that they can be made visible in plain text to anyone with access to the user’s computer.

Any individual who can enter a user’s computer log-in (which could be as easy as finding the computer when left unattended) would then be able to copy somebody’s login details for all of their online accounts.

The flaw was discovered by UK-based software developer Elliott Kember, who detailed the process on his blog. Kember’s criticisms draw attention to the differences between how Google markets its browser to developers and how it markets it to a wider, less tech-aware audience:

“In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers,” says Kember. “It’s the mass market - the users. The overwhelming majority. They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay.”

The story has attracted a lot of attention, with Sir Tim Berners-Lee, the British computer scientist known for his integral role in inventing the internet, saying:

Google responded in kind after the story was posted on social news site Hacker News with Chrome security engineer Justin Schuh commenting: “I appreciate how this appears to a novice, but we've literally spent years evaluating it and have quite a bit of data to inform our position.

"And while you're certainly well intentioned, what you're proposing is that that we make users less safe than they are today by providing them a false sense of security and encouraging dangerous behavior."

“You don't seem to understand the threat model here. You think your passwords are protected somehow in other applications, but they're simply not."

A feature or a flaw?

Other comments on the Hacker News comment thread reveal the divided reaction amongst the tech community. Some users point out that passwords are always going to be fairly insecure, and that to think otherwise is naïve.

Others counter that passwords just shouldn’t be so easily accessed by someone without any technical knowledge, and that Google could offer more security – such as a master password that needs to be entered before other login details are shown.

Speaking to The Independent, Kember commented: "I think they [Google] are taking crazy pills. They seem to be out of touch with how real users are using computers every day. Google's go-to argument is that users "should" lock their computers constantly, and use separate user accounts for each user.

"But that's not the way people are using computers. Even if it were, it's no excuse to bring all my passwords to one place and reveal them. I don't expect computers to work that way - nobody does."

One solution to the problem is to set a 'master key' that needs to be entered before viewing all your passwords. This comes as default in Internet Explorer and can be turned on in Firefox from the 'security' tab. Users looking for extra peace of mind might also look into third-party software such as LastPass or 1Password.

News
people And here is why...
Arts and Entertainment
Amazon has added a cautionary warning to Tom and Jerry cartoons on its streaming service
tv
Voices
voicesBy the man who has
Sport
Arsene Wenger tried to sign Eden Hazard
footballAfter 18 years with Arsenal, here are 18 things he has still never done as the Gunners' manager
PROMOTED VIDEO
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
Life and Style
The new Windows 10 Start Menu
tech
Arts and Entertainment
Kristen Stewart and Robert Pattinson star in The Twilight Saga but will not be starring in the new Facebook mini-movies
tvKristen Stewart and Stephenie Meyer will choose female directrs
Arts and Entertainment
Hilary North's 'How My Life Has Changed', 2001
books(and not a Buzzfeed article in sight)
News
More than 90 years of car history are coming to an end with the abolition of the paper car-tax disc
newsThis and other facts you never knew about the paper circle - completely obsolete today
Arts and Entertainment
There has been a boom in ticket sales for female comics, according to an industry survey
comedyFirst national survey reveals Britain’s comedic tastes
Arts and Entertainment
Twerking girls: Miley Cyrus's video for 'Wrecking Ball'
arts + ents
Arts and Entertainment
Ed Sheeran performs at his Amazon Front Row event on Tuesday 30 September
musicHe spotted PM at private gig
News
people'I’d rather have Fred and Rose West quote my characters on childcare'
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    QA/BA - Agile

    £400 Per Day: Clearwater People Solutions Ltd: Our client are currently seekin...

    Senior Infrastructure Engineer - Server, Networks

    £40000 - £55000 per annum + Benefits: Ashdown Group: Senior Infrastructure En...

    Application Support Analyst - Service Desk - Central London

    £30000 - £35000 per annum + Benefits: Ashdown Group: Application Support Analy...

    Business Analyst - Surrey - Permanent - Up to £50k DOE

    £40000 - £50000 Per Annum Excellent benefits: Clearwater People Solutions Ltd:...

    Day In a Page

    Ebola outbreak: The children orphaned by the virus – then rejected by surviving relatives over fear of infection

    The children orphaned by Ebola...

    ... then rejected by surviving relatives over fear of infection
    Pride: Are censors pandering to homophobia?

    Are censors pandering to homophobia?

    US film censors have ruled 'Pride' unfit for under-16s, though it contains no sex or violence
    The magic of roundabouts

    Lords of the rings

    Just who are the Roundabout Appreciation Society?
    Why do we like making lists?

    Notes to self: Why do we like making lists?

    Well it was good enough for Ancient Egyptians and Picasso...
    Hong Kong protests: A good time to open a new restaurant?

    A good time to open a new restaurant in Hong Kong?

    As pro-democracy demonstrators hold firm, chef Rowley Leigh, who's in the city to open a new restaurant, says you couldn't hope to meet a nicer bunch
    Paris Fashion Week: Karl Lagerfeld leads a feminist riot on 'Boulevard Chanel'

    Paris Fashion Week

    Lagerfeld leads a feminist riot on 'Boulevard Chanel'
    Bruce Chatwin's Wales: One of the finest one-day walks in Britain

    Simon Calder discovers Bruce Chatwin's Wales

    One of the finest one-day walks you could hope for - in Britain
    10 best children's nightwear

    10 best children's nightwear

    Make sure the kids stay cosy on cooler autumn nights in this selection of pjs, onesies and nighties
    Manchester City vs Roma: Five things we learnt from City’s draw at the Etihad

    Manchester City vs Roma

    Five things we learnt from City’s Champions League draw at the Etihad
    Martin Hardy: Mike Ashley must act now and end the Alan Pardew reign

    Trouble on the Tyne

    Ashley must act now and end Pardew's reign at Newcastle, says Martin Hardy
    Isis is an hour from Baghdad, the Iraq army has little chance against it, and air strikes won't help

    Isis an hour away from Baghdad -

    and with no sign of Iraq army being able to make a successful counter-attack
    Turner Prize 2014 is frustratingly timid

    Turner Prize 2014 is frustratingly timid

    The exhibition nods to rich and potentially brilliant ideas, but steps back
    Last chance to see: Half the world’s animals have disappeared over the last 40 years

    Last chance to see...

    The Earth’s animal wildlife population has halved in 40 years
    So here's why teenagers are always grumpy - and it's not what you think

    Truth behind teens' grumpiness

    Early school hours mess with their biological clocks
    Why can no one stop hackers putting celebrities' private photos online?

    Hacked photos: the third wave

    Why can no one stop hackers putting celebrities' private photos online?