Cover Yourself: Google Leaves Your Passwords Exposed

We would like to assume that passwords saved in our web browser are stored in a secured virtual lock box, helping us to surf the web with increased speed and easily log into our favorite sites without sacrificing safety. Unfortunately, this might not be the case on Google Chrome, as it was recently brought to light that passwords stored on the browser could be made visible to anyone who knows where to look.

Most web browsers give you the option to store your passwords for convenience, so that when you revisit a page you are automatically logged in. This is especially helpful as it saves you from having to remember or pull up passwords with sites you frequent such as email, social media sites, online shops and even banking sites.

Google might have made a mistake when it comes to the safety of your personal information stored on their Chrome search engine. It seems that passwords stored in their browser are saved as very readable text. Passwords saved on Chrome appear to be stored away safe, but anyone could view these while on your computer by visiting this link: chrome://settings/passwords, clicking on any password in the list, and then selecting “Show”. This action exposes passwords in plain text.

Although this aspect to Chrome isn’t really that new, it is has gained a good deal of attention after a software engineer brought it to light in a recent blog post.

Google is not taking full blame for the “flaw”, stating that if someone has enough access to your computer where they are able to view your passwords on Chrome then your computer is already significantly compromised. A Google security spokesperson argued that by the time someone was that far into your operating system they could already upload malware and access whatever sensitive data they would like to take.

That may be the case with hackers and other cyber snoops, but what about those closer by? A coworker, untrustworthy roommate or other nosy person in your life could view passwords to all of your most used social media sites or online shops. Soon someone could be posting to Facebook as you, or order a slew of shoes as you with your stored payment information.

What can you do to protect yourself from such unauthorized glances into your personal information?

For a quick fix if lending your computer to a friend, coworker, roommate, sibling, etc., you can always disconnect your Google account in Chrome settings, and then sign yourself back in once your laptop is returned. But for more surefire protection of your secure data from both hackers and friendly snoopers use these tips:

  • Lock your device. Make sure to put a PIN or passcode on your device and set it to auto lock after a certain amount of time unused so that people can’t access your computer or mobile device.
  • Don’t store passwords on Chrome or any browser. You can opt to stop saving passwords in Chrome. Go to the Settings menu, select Advanced Settings and uncheck the “Offer to save passwords” box under Passwords and forms. As a good rule of thumb, you should not select the “Remember me” function in your browser when you visit sites that require a login.
    • This will only stop saving passwords in the future. In order to delete presently saved passwords within the Settings menu again select Manage saved passwords and simply chose to clear out all the passwords.
  • Don’t visit risky sites. Hackers could use malware on dangerous websites to get access to your computer, your browser and saved passwords. Double check the URL of any pages where you enter your login information, especially when using third-party apps or websites. And make sure to use safe search tools that will warn you when you are about to enter a malicious site.
  • Don’t click on messages from strangers. Email and social media messages can include suspicious links that could lead you to spyware or other malware. Before you click, verify if the message is indeed from a trusted source.
  • Double your protection with two-step verification. On sites that offer this, give your passwords the additional protection that will send your phone a message whenever your account is being accessed from an unknown computer or mobile device.
  • Use comprehensive software like McAfee LiveSafe™ to protect all of your devices, your identity and your data. LiveSafe also includes a password manager for a single click login on any site across multiple devices and a safe search tool for warning you before visiting any risky sites.

For future updates on consumer threats and online safety tips, be sure to follow us on Twitter at @McAfeeConsumer or on Facebook.


Leave a Reply