Chrome's crazy password-saving policy-Save your password when you log on to a new site, have you considered security issues?

Source: Internet
Author: User
Keywords Password Chrome
Tags class click different find google google + google+ it is
class= "Post_content" itemprop= "Articlebody" >

In the process of logging on to various websites, we often use different username and password, which can cause memory burden. If you are a Chrome user, you will be prompted to save your password when you log in to a new site, and it is likely to click OK. By doing so, you can automatically log on to various websites, and sync in different computers is really very convenient. However, have you ever considered security issues ...

You might think that Google must have encrypted the password and kept it in the system, or simply kept it in the cloud. If so, prepare to shock yourself and your little friends. The reality is that Chrome doesn't encrypt your password, and what's more frightening is that anyone can see your password without any hacker technology.

Go to Settings, view "passwords and Forms" items, click "Manage Saved Passwords" (or direct access to chrome://settings/passwords), and you will find all of your saved username and password. Yes, passwords are displayed as small black dots. However, if you click on it, you will find the word "display" in the back of the password, click on it, and you will see the password. It's that simple.

Google's talented engineers make stupid mistakes! Wait, wait, this obvious security flaw cannot be wrong, should be a function? Congratulations, you guessed right. Because the Chrome security chief said it was intentional and they were not going to make any changes.

Elliott Kember, a software developer, wrote about the issue on his blog, and in his view, Chrome's strategy of saving passwords was crazy. Every time he reflected the problem to the person who knew the technology, the answer was:

1, with 1Pass

2, when other people directly contact the computer, it is not safe

3, password management should be like this

The

problem is that ordinary users do not know that passwords are saved in this way

Find someone who doesn't know the technology. Borrow their computer. Visit Chrome://settings/passwords and click "Show" in the password line to see what they say. I bet they won't say, "Password management is the way it is." ”

Elliott Kember's article got a lot of attention in hackernews, so Justin Schuh, the Chrome security director, responded.

He said that Elliot Kember is entirely a small white user's view, they spent many years thinking about the problem, and there is a lot of data to support the decision, in his view, if someone hacked your system user account, even more security is useless. The idea of password encryption is well-intentioned, but the Chrome team doesn't want to give users the illusion of security or encourage risky behavior. That's not the way they deal with security issues.

"The illusion of security"? Does the ordinary user go to the setting to understand the fact that the plaintext is saved? If Chrome explicitly prompts that "passwords will be stored in clear text," the user may not have a "security illusion", but in the absence of more prompts, the user will create a "security illusion." In addition, according to the Google engineer's logic, once the bad guys enter your home, everything is in danger, so do not lock any cabinets? Weird logic, and in reality, security issues must come from professional hackers?

We don't know if Google's genius engineers will change their minds. However, if you pay attention to security issues, quickly remove all the saved passwords, and then click "No" when Chrome prompts you to save the password.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.