Pinterest Stumbleupon Whatsapp
Ads by Google

Trying to remember passwords is one of the sucky parts of being online. So many online accounts needing to be set up, and that brings with it so many passwords. And since it is now conventional wisdom that you need a strong password, you can’t get away with PASSWORD or 12345.

chromeicon

So when your browser offers you the convenience of a password manager Which Browser Has The Better Password Manager? Firefox vs. Chrome vs. Internet Explorer Which Browser Has The Better Password Manager? Firefox vs. Chrome vs. Internet Explorer Although there are a variety of dedicated password management tools, every modern browser has its own built-in password manager. But just how good are the built-in password managers? We'll look at how each popular browser's... Read More , the offer is too tempting to pass up. Just tell it all your passwords, it will store them for you, sync them The Ultimate Chrome Sync Hacks For Swapping Between Desktops The Ultimate Chrome Sync Hacks For Swapping Between Desktops Are you the type of person that needs unfettered mobility of their browsing data? With these Chrome hacks, you never have to worry about leaving your webpages, tabs and even clipboard data behind. Read More for you, and it will even auto-fill the log-in fields for you. What could possibly be the downside?!

In the case of Google Chrome, quite a lot actually. There’s gaps in it so wide you could walk your pet T-Rex through it.

How the Chrome Password Manager Works

The Chrome password manager is integrated into the browser, and can be enabled in the settings. You have to click “Show Advanced Settings” and then scroll down a bit to see it. Or alternatively you can copy and paste the following into the browser :

chrome://settings/passwords

chromepm1

Ads by Google

This opens up the password manager with all your stored passwords. I am now not using it anymore after realizing its security vulnerabilities. Now I am solely relying on Keepass, so this is an old picture.

chromepm2

Seeing the asterisks in the password area gives a false sense of security. In reality, those asterisks are merely curtains that you can easily pull back. Just tap on one of them and suddenly you see this :

chromepm3b

All you have to do is click that “Show” button and the password is revealed in plain text for you to copy and paste at leisure. On a Mac, all you need to do is click “Show” and you get the password. On a Windows computer, there is an additional layer where you have to enter your Windows OS password (assuming you have set one in the first place). Why this additional check is not on any other OS than Windows is beyond me.

chrome-passwords

The Downsides Of Google Chrome Manager

As I said at the beginning, using Chrome Password Manager is so convenient. It takes away the need to remember something and you can use that saved brain power for watching reality TV instead. Chrome’s sync function also ensures that all passwords are synced across all of your devices Stay in Sync: Access All Your Browser Data From Any Device Stay in Sync: Access All Your Browser Data From Any Device How can you make the process of switching devices more efficient, so that you can easily pick up where you left off? Read More .

But while you are marvelling at modern technology, remember this. You are in fact trading convenience for vulnerability. Let’s look at where your potential security shortcomings are.

No PIN Code

lock

If you don’t put a lock on your computer (a PIN code), then anybody can just come along, start up your computer, start Chrome and get your passwords. It helps a bit that there is no “export” function for your Chrome passwords, so nobody can do a “drive-by mass copy and paste”.

If you have hundreds or even thousands of passwords, nobody is going to have the time or the inclination to go copying and pasting every single one. Nevertheless, if you don’t lock the front door, then you are just asking for trouble when a bad crowd starts lurking.

Tina has previously discussed ways to secure your Windows desktop here 4 Common Ways To Password Protect Your Windows User Account 4 Common Ways To Password Protect Your Windows User Account Protecting your computer with a password should be common practice, especially if many people potentially have physical access to it. Windows provides several levels on which you can set passwords to lock your user account.... Read More and here 4 Creative Ways To Securely Password Protect Your Computer [Windows] 4 Creative Ways To Securely Password Protect Your Computer [Windows] Passwords are a first line defense to your privacy and often they are the only one. If you are concerned about your data, you will want this barrier to be high and strong. As has... Read More . Try them.

Viewing Chrome Passwords Online

This is the biggie when it comes to “you can’t be serious!”. If you look at the bottom of the Chrome password window, you will see this in small font.

chromepm4b

If you go to that link (and sign in), you will see all of your passwords online, in all their glory and finery.

chromepm5

If someone successfully manages to hack into your Google account, they will have all your passwords. So, putting them all online is a very bad idea indeed.

What Can You Do to Strengthen Your Browser Password Security?

I hope you can see how epically bad it is to have your passwords in the browser. So it’s time to lock the door and plug the leaks.

Put a PIN Code On Your Operating System

loginscreen

A good start would be to put a PIN code on your operating system. This stops people from just coming along, booting up your computer, starting Chrome, and looking at your password list. Plus, when you’re away from your computer, put the computer into sleep mode and ensure anyone snooping for passwords will need the PIN code to proceed.

And don’t forget, on a Windows PC, an operating system PIN code adds an extra layer of security for when someone wants to see your passwords.

Use 2-Step Authentication

2stepauth

This has been a part of Gmail for so long now, that anyone not using it only has themselves to blame if they get their account hacked. It only takes 2 minutes to set up, and yes sometimes it gets a bit annoying Can Two-Step Verification Be Less Irritating? Four Secret Hacks Guaranteed to Improve Security Can Two-Step Verification Be Less Irritating? Four Secret Hacks Guaranteed to Improve Security Do you want bullet-proof account security? I highly suggest enabling what's called "two-factor" authentication. Read More , but it adds a bullet-proof layer to your Gmail login page.

If you do decide to use your Chrome password manager, you would first need to sign in before viewing the password list. It won’t matter if Mr or Mrs Snooper has your Gmail password – 2-step authentication What Is Two-Factor Authentication, And Why You Should Use It What Is Two-Factor Authentication, And Why You Should Use It Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card,... Read More will stop them in their tracks. To get any further, they would need access to your phone, which I hope you are not casually passing around to people. You should have a PIN code on your phone as well to protect the Authenticator app, and don’t let any SMS messages appear on the lock screen (for when Google sends you 2-step codes by SMS).

Use a Third-Party Password Manager

keepass

As I said earlier, I am now exclusively relying on KeePass 8 Plugins To Extend & Secure Your KeePass Password Database 8 Plugins To Extend & Secure Your KeePass Password Database The KeePass password manager supports plugins that extend the usefulness of the program, much like a browser. Here are eight plugins you should consider adding to KeePass. Read More to store my passwords. The password database is in my Dropbox folder, and provided the database is closed on all my other devices, I can sync any changes to wherever I am working.

But KeePass is not the only possible third-party password manager 9 Password Managers to Make Use Of [We Ask You Results] 9 Password Managers to Make Use Of [We Ask You Results] Creating and remembering passwords for every website you interact with is a real pain in the ass. Unfortunately, it's also essential. Read More . We have also repeatedly covered LastPass Securely Synchronize Your Browser Passwords With LastPass Securely Synchronize Your Browser Passwords With LastPass Read More in the past, and 1Password Let 1Password for Mac Manage Your Passwords & Secure Data Let 1Password for Mac Manage Your Passwords & Secure Data Despite the new iCloud Keychain feature in OS X Mavericks, I still prefer the power of managing my passwords in AgileBits's classic and popular 1Password, now in its 4th version. Read More . You can also go old school and keep your passwords in a text file. You would protect it from prying eyes by keeping it in an encrypted container, which would sit in your cloud account. You can encrypt it with something like VeraCrypt TrueCrypt Is Dead: 4 Disk Encryption Alternatives For Windows TrueCrypt Is Dead: 4 Disk Encryption Alternatives For Windows Read More or Windows’ Bitlocker Free Military-Grade Privacy For Your Files: How Bitlocker Works [Windows] Free Military-Grade Privacy For Your Files: How Bitlocker Works [Windows] Ever heard that quote about trying to explain how a television works to an ant? I'm not calling you an ant, even though you are hard-working and enjoy the occasional sip of aphid milk. What... Read More .

Encrypt Your Chrome Password Manager

If you absolutely MUST use Chrome’s password manager, then there is a way to encrypt the whole thing, and which would stop them from being viewable online. However, they are still viewable if Chrome is running or can be opened.

To encrypt the password list, go to Settings (or copy and paste chrome://settings/passwords in the URL bar). At the top is where you would enter your Google account credentials for syncing your browser data. If you are logged into a Google account, you will see a button that says “Advanced Sync Settings“. Click that and look towards the bottom of that box.

chromepm6

Your encryption options will consist of encrypting synced passwords with your Google account details (which is the default setting). Or you can go the more secure route of encrypting the passwords using a separate secret passphrase. Google claims they don’t store your passphrase, so if you forget it, you will need to reset everything.

So think of a phrase that nobody would figure out, enter it twice and save. The next time you use Chrome on your other devices, you will be asked to enter the passphrase before everything syncs. But this is a one time “set it and forget it” deal.

If you now go to the password page online, you will now see this :

googlepm7

Also remember to deselect the password save option in the Chrome settings. Now you won’t be asked if you want to save them or not.

Try Not to Be Too Lazy

We are all lazy to some degree, and anything which affords us a certain amount of comfort and convenience will always be snapped up. But you have to remember that every benefit has a downside as well, and in this case, you are sacrificing your security…for what? Not typing a password? Is it really worth THAT much?

So wipe your browser Password Manager (Settings–>Show Advanced Settings–>Clear Browser Data–>Passwords), and from now on, use a third-party solution. Or encrypt a text file. Then you can relax a bit, knowing you have made any potential password theft a lot harder.

Are you about to delete your Chrome saved passwords? Or do you use a password manager? If so, do you use the standard one in the browser or do you use a third-party one?

  1. David
    October 22, 2016 at 3:31 pm

    If I remove those passwords from password manager, will it remove them from other computers I have that use Google/Chrome. I am returning a computer and would like to shut the psswds down, but don't want to remove them from the computers I still have.

  2. A41202813GMAIL ..
    February 24, 2016 at 3:49 am

    ( From Another Thread )

    I Will Never Ever Ever Hand All My Life Keys To Strangers, Period.

    Why Would I ?

    I Can Easily Create And Remember Individual Passwords For Individual Situations.

    Am I The Only One Who Have Heard Of Such Services Being Hacked, Too ?

    Why Would I Hand All My Life Keys To Any Third Party Software Or Service ( Including Any Browser Password Saving Feature ) ?

    What Can Possibly Go Wrong ?

    Cheers.

Leave a Reply

Your email address will not be published. Required fields are marked *