Extracting Your Passwords From Google Chrome Is As Easy As ABC

By | August 7, 2013


Extracting Your Passwords From Google Chrome Is As Easy As ABCTook us five years to figure that out.

Now here’s something that you wouldn’t expect from the 1st class software. According to Elliott Kember, the software develoepr and director at Riot, Google does an absolutely horrible job at protecting your sensitive data.

As it turns out, extracting your Google Chrome passwords is so easy, it’s actually mind boggling. All you have to do is type chrome://settings/passwords in the URL bar and that’s it. There are no master passwords, security prompts or anything of that nature.

Extracting Your Passwords From Google Chrome Is As Easy As ABC

So who’s getting fired for that? Absolutely no one, as explained by one of the security leads working at Google, once they surpass the OS password (if there’s any set), you are out of luck.

We’ve also been repeatedly asked why we don’t just support a master password or something similar, even if we don’t believe it works. We’ve debated it over and over again, but the conclusion we always come to is that we don’t want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. Because in effect, that’s really what they get.

That’s just plain delirious.

[Via: Business Insider]

[Source: ElliotKember, Y Combinator]


About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (7)

Trackback URL | Comments RSS Feed

  1. cristianer says:

    That’s why I never save passwords in the browser.

    • Tiago Sá says:

      Firefox has a master password like any other password manager.

      • Mehran says:

        He never mentioned something about FF, did he?

        By the way, I disable that through lastpass plugin and things seems to be a little more secure

  2. Andrew says:

    This is news? I’ve been getting at passwords I’ve forgotten like this forever.

  3. Srap says:

    I’d copy a guest post from another site (Techspot). While’ it isn’t my writing, I agree with it:

    “It’s true, once someone has local access to your PC without your
    permission there are much worse things they can do than look at
    passwords. it’s by design. local access to your personal account on your
    computer is your own responsibility IMHO..”

  4. asdf says:

    A new low for Vygantas …

    Now I wonder why the hell did I subscribed to this site …