Google puts a stop to Chrome password snooping
Google will soon require Chrome users to sign in before being able to see a list of passwords saved in the browser.
At the moment, going to “chrome://settings/passwords” when a user is logged into Chrome will bring up a list of stored credentials. Passwords are initially concealed with asterisks, but selecting one and clicking the Show button will reveal it in plain text.
There’s no authentication procedure before accessing the information, so anyone who has access to your computer can easily grab your login details.
Google now appears to be addressing the problem, asking users to retype their local OS password before accessing the full list.
“When you are authenticated, you won’t need to reauthenticate any more for one minute,” noted Google evangelist François Beaufort, in a post on Google+.
So far, the new reauthentication system is only in the experimental build of Chrome for Mac. Although Google has yet to confirm that it will extend to other versions, it seems likely to happen.
Security analyst Graham Cluley said he was glad to see Google had “finally seen sense”.
“It was an easy option for them to put in place, and does provide a higher level of protection for users, so it’s a mystery why it took them so long to admit that they were wrong in their previous stance,” he told PC Pro.
“No-one is saying that it’s a 100% answer, but it will protect Chrome users against casual password-snooping by colleagues, friends and loved ones.”