Google's new web browser "Chrome" is pretty nice. I used it for a full day and found quite a few things that I really liked about it. As soon as the few plug-ins that I use daily get equivalents in Chrome, I will possibly use it for every day use. I was sad to learn that one of my biggest web browser pet-peeves is present in Chrome, and it seems to be an even worse implementation of it than Firefox 3's (Firefox 3 Saved Password Security.)
The Saved Password feature of any browser can be invaluable. It saves a great deal of time for passwords that you would otherwise have to enter many times a day. Unfortunately, most web browser make it WAY too easy to gain access to the web site URL, username and plain-text passwords to your accounts. Someone with only a few minutes access to your machine can easily gain access to this information.
In Google's Chrome, all someone (with several seconds alone with your computer) needs to do to steal your information is...
- Open Chrome
- Click customize(the wrench)
- Select Option
- Click the Minor Tweaks tab
- Click Show saved passwords
- Select one of your "secure" sites
- Click Show password
BAM! Someone just stole the web site address, username and password to one of your accounts? I hope it wasn't something important... In Firefox's defense, at least they have a "Master Password" that will require you to enter a password prior to them showing your passwords in plain-text. But no such feature is present in Chrome.
I'm always blown away by people's responses to this problem. People that I show in person are usually shocked when we're both staring at their bank account password in plain-text right before their eyes. People online usually say that no one ever has access to their computer, so their safe, or that they always lock their system when they're away. That's a great practice to get into, but I know the vast majority of users aren't so diligent.
At the very least, the Chrome team needs to add a master password for an added layer of security. I think both Firefox and Chrome should warn the user about this danger and prompt them to setup a master password by default, rather than having saved passwords turned on by default.
No comments:
Post a Comment