Re: Chrome and passwords
toggle quoted messageShow quoted text
Hi, Brian. This is what I found on Google about Chrome. I’m not excessively security cautious, but, even to me, this is pretty scary.
You might want to think twice before you let someone borrow your computer.
The most obvious risk of allowing someone else access to your desktop is that they can impersonate you, using any app where you’re already signed in. They could send prank messages using your default email client, or profess your undying love for Justin Bieber using your logged-in Twitter account.
That’s annoying, but far from fatal.
But the situation becomes considerably worse if you use Google Chrome to save and sync passwords for easy logins at your favorite websites. An intruder who has unrestricted access to your computer for even a minute can view and copy all of your saved passwords just by visiting an easy-to-remember settings page: chrome://settings/passwords.
That link opens the local copy of your saved password cache, which is synchronized to every machine where you sign in with your Google account.
And the funny thing is, anyone who visits that page can see the plaintext version of every saved password just by clicking a button.
The saved password list shows the web address, username, and password for each saved set of credentials. Initially, the saved password is displayed as a row of asterisks. But if you click the masked password, you see a “Show” button that you can click to immediately display the saved password.
From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Brian Vogel
Brian - Windows 10 Home, 64-Bit, Version 1803, Build 17134
A great deal of intelligence can be invested in ignorance when the need for illusion is deep.
~ Saul Bellow, To Jerusalem and Back