The Danger of Saved Browser Passwords

As illustrated by the articles provided as examples in the references below, the hot topic in tech news today is the way the Google Chrome browser stores saved passwords.  Any passwords saved on the browser are visibly accessible by anyone with access to the computer via chrome://settings/passwords.

Yes, the key is that someone has to have access to your computer in order to see the passwords.  However, with light-weight laptops, netbooks and tablets, people are more likely than ever before to take their device even on excursions to the library, local coffee shop or diner.  Leave the device unlocked and untended for minutes and even if the device is not missing, someone could have easily had access to your Chrome passwords in plain text.

What?  You say your e-mail, bank and credit card company passwords aren't saved.  Unless you use a very complex and unique password for those venues, how long do you think it will take to figure out those passwords?

Then, there is the shared family computer.  Even if family members are set up with separate Standard User Accounts (see reference), how often do you walk away from the computer without logging off?  It isn't that we don't trust our children, but we may not know all of their friends or they may think it a funny joke to go to your favorite web forum and post some silly nonsense. 

Don't a lender or a borrower be also applies to your computer.  In the event you do agree to let a friend or family member borrow your computer, either enable the guest account or create a Standard User Account for their use. 

What about Firefox?

Correct.  With Firefox, clicking Options > Security >Saved Passwords > Show Passwords reveals site passwords in plain text just like Chrome.  The major difference between the two, however, is that Mozilla provides a simple mechanism to create a Master Password.

After creating a master password, you will be prompted to enter it once when accessing your stored passwords.  Granted, it will also be necessary to enter the master password when you agree to Firefox remembering a new password, removing a password but your security is certainly worth that effort.

Most importantly, the master password will be needed for each Firefox session for each time you show your passwords.  So, if you do walk away from your computer, no one will be able to access your passwords.

Password Managers

Another option that is available for users of any browser, regardless of whether the password is visible or saved is a password manager program.

With a password manager, it does not matter which browser you use.  All passwords are secured. Rather than saving passwords to your computer, with a password manager, you only need to remember one password to access everywhere.

• 1Password (Licensed $49.99 USD)
• KeePass Password Safe (Free, open source)
• LastPass (Free and premium version available)
• RoboForm Password Manager (Free for 10 Logons, Licensed version available)

References

• Chrome's Password Security Strategy Is Insane
• Do you save passwords in Chrome? Maybe you should reconsider
• Google Chrome policy exposes user passwords on purpose: Here's how to prevent it
• MozillaZine Knowledge Base: Master password
• Using a Standard/Limited User Account

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...