Nowadays, most modern web browsers offer a feature that will allow you to store your passwords in the browser. While this is useful in some cases, this can spell disaster.
For example, if you loan your computer out, the passwords stored in the browser will automatically be filled in by the web browser. This gives the person you loaned it out to access to do all kinds of things. The most mundane of which is to log into your social media accounts and proclaim "your" undying love for Justin Bieber... or something of that nature.
The worst they can do is as follows:
1. Harvest those passwords and save them for later use.
2. Send out derogatory emails that you would never send.
3. Log into your bank account and get your credit card info which can then be used to purchase contraband on the internet. Or just rack up big charges witch you will have a not so easy time refuting.
Among other things...
But this type of damage can not only be done by someone who you have given the computer to. In the case of Google Chrome in particular, which according to many stat counting websites is the most popular browser, someone who has access to the computer for even a minute can steal your passwords.
How it works in this case is something that anyone can remember. And if you are using Chrome, you can try this as well.
Step #1: Go to chrome://settings/passwords
Step #2: Go to a random set of asterisks you see.
Step #3: Click the show button.
Surprised? This is the local copy of your saved passwords cache. And anyone who can remember that settings page can access it. And it is not just passwords, It's also the web address and username.
Anyone who can lure you away from your computer for a few minutes can get all the info they need to make your day go from not bad to a living hell.
The more interesting thing is that this is not a bug, it is a feature.
Now, what can we do about it?
Option #1: Don't save passwords at all, rely on your memory. Even my memory is not great, but remembering several different passwords which are likely long strings of characters should not be an issue, right?
Option #2: Put passwords on Post-Its and place them on your computer monitor. Yes, now only anyone with a pair of cheap binoculars can see them. This is much much safer, right?
Option #3: Install a password keeper that is independent of Google Chrome. This is a viable possibility as long as the password keeper encrypts your passwords until you decrypt with a master password which you have memorized. Mozilla Firefox also offers a feature similar to this if you do not want to install more software.
Thank You for reading. I hope you think of this post whenever you see that pop up from Google Chrome offering to save that password for you. If not for security's sake, do it to make snooping from the NSA a bit harder.
No comments:
Post a Comment