The last few days have seen lots of press regarding Google Chrome password security, or a lack of it. In summary, someone has made a lot of press around their “discovery” that it only takes a couple of clicks on an unattended PC to display all the passwords you save in Chrome.
Is the problem real or just FUD?
It is a real problem, but not for the reasons most articles claim. To be honest, a lot of the press appears to be FUD – propaganda spread with Fear, Uncertainty and Doubt. Whether that is to damage Google, promote other browsers or just generate more website visitors with clickbait depends on where you read it.
I guess this blog is a fair amount of clickbait, but it does have some useful information in it too!
First of all, the problem is not some new discovery. This isn’t a recently uncovered bug or amazing new hack – it has always been like that. And it’s not just a Chrome password security problem – the problem exists to almost the same extent in Firefox and, if you know what you’re doing, just about every browser.
Some leap to Firefox’s defence with their Master Password option. But it’s just an option, not default, and doesn’t stop your passwords being used, it just stops them being displayed.
If you leave your PC unattended and unlocked you are giving people an open invitation. Most people who answer this invitation just “frape” you (posting an embarrassing status on your Facebook wall). But some may decide to check out a few other websites.
The more prepared will be able to extract every password from Internet Explorer and all your email passwords and settings from Outlook with freely available software, download all your data and install all manner of nasty bits of software. In fact even if your PC is locked, it’s pretty easy to boot up with a different disc and wipe your password anyway.
This is a problem with our attitude to computer security in general not just Chrome password security.
How to improve your Chrome password security
The simplest, first step is don’t leave your PC unattended and unlocked. When you leave it, hold down the Windows key and press the L key. This locks the screen and requires the casual passer-by to enter your password to unlock it again. You do have a password set on your PC, don’t you?
- Don’t store “valuable” passwords such as your main email account and bank passwords anywhere other than in your head.
- Don’t use the same password for every account.
- If you use a Google account, set up 2 step verification.
- Use a password manager like LastPass – just don’t tick the box to keep you logged in on that PC all the time. Otherwise, you’re right back where you started!
- If your data is particularly valuable or sensitive, look into things like drive encryption (but really make sure your backups are good).
The Cloud’s silver lining
As an interesting aside, a frequent concern I hear about storing documents in the cloud is security. As it happens, with 2 step verification and my documents stored in Google Drive, my documents are actually safer in the cloud than on a PC at home. My neighbour was burgled a little while ago – they now have her laptop and all the time in the world to extract the documents from the hard drive. Something not possible when your data is in the cloud.
A Microsoft Certified Professional with many years of large corporate experience and training, he now focuses on helping small businesses make the most of their IT.
Latest posts by Jonathan Gwyer (see all)
- The Geek Loves… his Kindle - December 2, 2016
- Fancy saving 20% off a 240GB Kingston SSD? Today only! - October 15, 2015
- Windows 10 : Google Drive 0 - August 12, 2015