Google’s web-browser, Chrome is all in news these days as it has come to everyone’s notice that Chrome stores password in clear text. What this means is that anyone can access your saved passwords in Chrome, without any effort. Now the bad thing about Google Chrome users is that this is an extreme serious matter, and therefore some precautionary steps need to be taken in order to protect saved passwords.
How anyone can access saved passwords in Chrome
Yes, ‘anyone’ can access saved passwords in Chrome, and not just the actual user of the browser. This means that if your computer is unlocked (and you haven’t set a password), then even your friend can view the stored passwords.
To view passwords, launch Settings > Show advanced settings and click on “Manage saved passwords.” You’ll now be able to see a list of all websites and services where you’ve saved passwords. To view a password of any website, simply click on the website and then on “Show.” And there goes your saved password, revealed to anyone who has access to your PC even for a few seconds.
It is worth noting here that if your computer ever gets stolen, Chrome will treat your Windows password as a master password. If the thief is not able to access your Windows account, then they will not be able to access Chrome passwords, either. However, since Windows account password is constant, even external utilities will be able to decrypt and read your Chrome passwords. For example; the free utility named as ChromePass by Nirsoft allows you to view the user names and passwords stored by Google Chrome.
Tips to protect or secure stored passwords in Chrome
So how would you protect your saved passwords in Chrome? Well, that’s easy! Simply start following these tips:
Lets start with the basics. Use a very strong Windows account password so that even if someone gets access to your computer, that person won’t be able to login to Windows. If that person is able to login, then he/she will be easily able to access saved passwords in a jiffy.
Protect your computer from malware. Just think that if third-party utilities are able to access your Chrome passwords, then why not malware? Use a good antivirus or security suite.
Don’t store sensitive account passwords on your browser. For example, don’t store passwords of bank websites, email accounts, other financial and such sensitive information on browsers.
Most important of all, use a third-party password manager like LastPass. When setting-up LastPass for the first time, you will need to create an account with it. It will then store all of your Chrome passwords using AES 256-bit encryption, and it also has the ability to sync passwords between different web browsers and platforms. LastPass is available not only for Chrome, but also for Firefox, Opera, Safari and Internet Explorer.
It comes with an option to protect all passwords with a master password so that only ‘you’ can view your passwords. What’s more, if you want to add one more layer of security, then you can also enable the multi-factor authentication option.
If you’re not comfortable with using an extension, then you can use KeePass instead. It is a desktop program that stores passwords locally instead of any third-party server. Just like LastPass, it allows you to generate random strong passwords, and you can also encrypt all passwords with one master password (one feature that Chrome is missing). However, since your passwords are stored locally, it can be a disaster in case of a hard disk failure, or re-installation of Windows.