I just read an interesting article in Sophos about the rather insecure method that the Google Chrome browser saves passwords. If you click on the click on the “Customize and Control” icon at the far right of the address bar, choose “settings” from the menu, click “Advanced Settings from the link at the bottom of that window, then scroll down to “Passwords and Forms”
Click on the “Manage saved passwords” link. You will be shown a list of the websites where you have stored a saved password, and clicking on the “Show” button will show your passwords in plain text.
This is NOT secure. Anyone sitting at your computer can view your passwords.
Firefox has a similar feature. You are able to protect them with a master password, but you have to set it up. Click on the “Tools” menu, select “Options” then click on the “Security” tab. Check the “Use a master password” box and set up your password. Without the master password in place anyone sitting at your computer can harvest your passwords.
Internet Explorer saved passwords are a bit more difficult to find, as you have to open the Control Panel, User Accounts, and click on the “Manage your credentials” link to find them, but they are not shown in plain text.
A determined hacker who has tricked you into installing a Trojan horse is, for all intents and purposes, sitting in front of your computer. Even the IE passwords that are obscured can be downloaded in their encrypted form and revealed in short order (a couple minutes to a day or two generally) using password cracking software.
We advise our clients and those people who take our computer security class, “The Bulletproof Computer,” never to let the operating system or browser store your online passwords. We are now offering you the same advice. Protecting yourself from online exposure is more important than ever, since the tools the bad guys use make it trivial to break most passwords shorter than 8 characters. Do what you can to make it as difficult as possible.Share