August 19, 2013
Google Chrome’s Security Hole
I am new to Google Chrome. I have been a Safari user for years, and I love the web browser. However, I recently downloaded Chrome for a variety of reasons, so I am checking it out and deciding what I think. I still have Safari, and still use it, but I have been browsing via Chrome for the past couple of weeks.
I know. I am behind the tech curve here since Chrome is the most popular web browser in the US. Forgive me.
Thus far, I have been enjoying it. Chrome is pretty easy to use and works in ways similar to Safari, which I really like. I must say I enjoy using it. I have not really found anything I dislike about it. That is, until recently when I read about something that concerned me. The Huffington Post wrote about a “security hole” in Google Chrome.
Chrome allows users to save passwords and logins for websites in order to make logging in easier and quicker. Nice, right? It is definitely convenient, but it just might also make it easy for someone to learn your passwords. According to the article, “Whenever someone uses your computer and opens Chrome, he or she has complete access to all your saved passwords with a few clicks of the mouse.”
All someone in the know would have to do is type the following into the search bar: chrome://settings/passwords. After hitting enter, a window will pop up showing all the sites one has saved login and password info for. At first glance, the passwords are coded, but once you scroll over them, a “show” button pops up that once clicked decodes the password, and voila! Someone has access to all your info saved in Chrome.
Now, one can easily remove any saved passwords and login in this window too. Simply scroll over the site, and an “X” will appear. Click on the “X” and the saved information is deleted. This is important to know, but my concern is in the ease with which one could gain access to another’s saved information. I do not use this feature in web browsers for no other reasons than I do not want to forget my login and passwords for anything, so the more often I have to type them in, the more likely I am to remember them. But many people do use the save feature.
The obvious answer to this is not to let someone you do not trust use your computer. Moreover, when someone is using your computer, standing by to watch his or her moves will likely prevent any dishonesty. But many want Google Chrome to create a master password option so that each individual person can have a master password for the Chrome save password information feature. Google’s reaction to this came from Justin Schuh, head of Chrome security. His argument was that a master hacker will steal information regardless. And he is right. Obviously, if a hacker wants the login and password to some account bad enough, a hacker will figure out how to get it. But the concern is not about a hacker. It is about the everyday person who borrows another’s computer. With just a little knowledge of the right url to check the login and passwords, anyone can gain access to saved data.
Schuh followed with, “We’ve also been repeatedly asked why we don’t just support a master password or something similar, even if we don’t believe it works…We’ve debated it over and over again, but the conclusion we always come to is that we don’t want to provide users with a false sense of security, and encourage risky behavior.”
This is interesting information about Google Chrome. It will not make me stop using the web browser, but I will not be saving any login or password information, even if I were so inclined to do so. I like Chrome, really, but I also think it is important we understand the implications of the technology we use.
Image Credit: Thinkstock.com