Chrome Saved Passwords security issue
If I save a password in Google chrome someone else can easily see the password from
Setting -> Advance Settings -> Manage saved passwords -> Show (in required password field)
and use it from another computer. Isn't this causing a security issue? I guess it would be much more secure if it displayed only the entry and all dots or something for the password (not the actual password).
Is there any acceptable idea of showing the password to anyone this easily?
Note: Firefox is also showing the actual passwords, I didn't check in IE.
It's a security trade off rather than a security weakness. Due to the very nature of passwords, if they are stored in a way that they can be used (ie, to fill out a form), they are stored in a way that can be retrieved, no matter what scheme is used to store or encrypt them. Hiding the option to show the password doesn't change the fact that the application itself at some point has to retrieve it - and when it does so, it's subject to various methods of extracting it.
This sounds like a pretty gaping hole, until you consider the other factors at work.
- In order to retrieve the passwords, an attacker has to get access to the user account or administrator account on the system where they are stored, generally through malware, shoulder surfing, an unattended but unlocked PC, or in some cases where they have physical access, via recovery tools.
- If an attacker can do any of the above, they can tamper with the system in other ways, including the installation of keyloggers, remote control software, sniffers, and desktop recording software, so a typed password wouldn't necessarily be any more secure than a stored one.
- A user who stores passwords is far more likely to use unique passwords between sites, and far more likely to use strong passwords.
- A stored password is potentially more secure than a post-it note under the keyboard, since someone actually has to log on to your user account to see it, while they can memorize, steal, hand copy, or photograph the post-it.
In reality, the saved password is at about the same risk as a typed password against a determined attacker, since the determined attacker will be prepared for opportunities like an unlocked PC or unlocked office. With a little practice and advance preparation, a USB drive or website can be prepared to install a rootkit in under 15 seconds - less than the time it takes to get a cup of coffee. If you are worried about someone sitting down and showing the saved passwords, you've got far bigger problems from having an unsecured and unattended PC.
As for master passwords, they are a good tool, but don't put too much faith into them. A serious attacker that has the opportunity to go up against your master password has already gotten far enough to put in a keylogger. It's moderate protection against grab and run attacks on the database while the system is off though, and good protection against casual snoops, but it's not going to stop someone who's serious about getting your password from taking advantage of an unlocked PC.
In summary:
- Saving passwords on the computer is not a serious security risk in and of itself, but it's an aggravating factor that can make it easier for the bad guys to take advantage of your carelessness if you leave your computer unlocked or let someone else use the computer while you are logged in. (They can still do the same damage without you saving your passwords - saved passwords just make it easier for them.)
- Saving your password on the computer makes it easier to use secure, unique passwords.
- Basic security discipline like not walking away from the computer without locking it, not sharing your passwords, not saving YOUR password for the benefit of another user on their PC, and not letting someone else work under your login are far more important security considerations than whether or not to save passwords.
- A master password is still a good idea if you have the option (defense in depth), but don't let it give you a false sense of security. It's an additional factor, not an excuse to be careless elsewhere.
I think there are two things that have to be clarified:
- Firefox allows setting a master password to keep all of your passwords safe (you must type in the master password before it will show you the passwords, or put it in a password box).
- Chrome encrypts the passwords using the user's Windows login password.
Why Google does something is not something that can be answered by anyone (other than Google). Here is what they have said so far:
‘Our decision not to implement the Master Password feature is based on our belief that it creates a false sense of security instead of actually providing a strong security benefit’
I don't get it, and neither do a lot of people, but that is the current status of things. If you don't like this part of Chrome, use something like LastPass.
The passwords are not shown easily to anyone. One would have access to your Windows user account, otherwise your passwords cannot be shown. Since nobody except you should have access to your account (by knowing your password), I cannot see how the behavior of Chrome could be a security issue.
While Internet Explorer has no native way to show stored passwords, they are still available to any user that has access to your account, e.g. by using tools like http://www.nirsoft.net/utils/internet_explorer_password.html. Not giving a native way could be seen as a kind of pseudo security.
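The "encrypted with the user's Windows login" point in the previous answer and the "one would need access to your Windows user account" point in this one both rest on DPAPI, the Windows data-protection facility. The following PowerShell is an added illustration, not code from the thread or from Chrome: it protects a constructed sample value with CurrentUser scope, shows that the same account can unprotect it, and writes the blob to an assumed scratch path so the same call can be tried from a second, different Windows account to observe that it fails there.

```powershell
# Added illustration of DPAPI CurrentUser scope; not code from the original thread.
# Windows PowerShell 5.1 needs the System.Security assembly for ProtectedData.
Add-Type -AssemblyName System.Security

$scope   = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$secret  = [System.Text.Encoding]::UTF8.GetBytes('constructed-sample-password')  # constructed sample, not a real credential
$entropy = $null   # optional extra secret; left unset to mirror a plain CurrentUser protection

# Protect: Windows derives the key from the current user's logon credentials,
# so the output blob is only usable by this account while it is logged on.
$blob = [System.Security.Cryptography.ProtectedData]::Protect($secret, $entropy, $scope)
Write-Host "Protected blob ($($blob.Length) bytes): $([Convert]::ToBase64String($blob))"

# Unprotect in the same account succeeds and yields the original bytes.
$plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $entropy, $scope)
Write-Host "Unprotected in the same account: $([System.Text.Encoding]::UTF8.GetString($plain))"

# Persist the blob so the check below can be repeated from a different account
# (assumed scratch path; any location readable by the other account works).
$blobPath = Join-Path $env:TEMP 'dpapi-demo.bin'
[System.IO.File]::WriteAllBytes($blobPath, $blob)

# The same Unprotect call from another Windows account fails, because the blob
# is bound to the logon credentials of the account that created it.
try {
    $loaded = [System.IO.File]::ReadAllBytes($blobPath)
    $again  = [System.Security.Cryptography.ProtectedData]::Unprotect($loaded, $entropy, $scope)
    Write-Host "Unprotect succeeded: running as the account that protected the blob."
} catch {
    Write-Host "Unprotect failed: $($_.Exception.GetBaseException().Message)"
}
```

Running the last block under a second account (after copying dpapi-demo.bin somewhere it can read) prints the failure message, which is the practical meaning of "you need the user's Windows account": protection is bound to the logged-on user, not to Chrome's user interface.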