Understanding passwords saved in your Chrome browser

 

Every year Google offers millions of dollars in prizes to hackers that can hack Chrome or Chrome OS. Chrome, similar to the Linux project, is part of an open-source software development effort called Chromium. Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web.

The open-source nature of the project and Google's proactive work to find security flaws produces an extremely secure browser.  

Chrome security benefits from built-in malware and phishing protection and auto-updates to make sure you always have the most up-to-date software. Chrome also leverages a great security feature called sandboxing, which they discuss in this video.

 

There's been a good deal of press in the last few days about a "Google Chrome security flaw" regarding passwords which unfortunately is misinformation. Wired.com has a great post discussing the topic. So is Chrome secure or not? Yes. But it is important to know how you can keep it that way. 

Chrome, like other browsers, does indeed store your passwords if you authenticate (sign in) and select yes to "save password" when prompted. It always has. This is also done by other browsers as well as your operating system of choice. 

For example, in Firefox, Windows, or OS X you have always been able to go look at your saved passwords in the security settings, the Credential Manager, or Keychain Access, respectively. We save passwords because it's convenient and most of us do not have photographic memories.

I save my passwords in Chrome so I can sync them across all my computers and devices. You have a lot of options when it comes to how your Chrome data is synced.  


There are a few things to understand that can help you improve your security. 

  • If you share your computer with other people you do not trust, you should have different profiles set on the operating system itself and log out whenever you're not using the machine.

  • Physical access to your machine does mean someone with the right skills can gain access. If I have your car, I can get into the glove box regardless of whether it's locked or not. This is how your local computer technician can regain access when someone forgets, or has no idea, who set the admin credentials.

  • You are your own worst enemy. Don't use "password1" as your password. Have an OS profile just for guests if people you don't trust are going to use your computer. Don't save passwords or any information on public computers.   

  • If you're using someone else's computer or a public computer, browse in Incognito Mode in Chrome, Private Browsing in Firefox, or Guest mode on Chrome OS.  This will help keep you from accidentally, or by habit, saving information to their computer or applications. Incognito Mode is available in the Chrome > File settings. Private Browsing is available in Firefox > File settings.  

  • The biggest risk to the safety of your data is not some high-tech hacker who is diligently working to figure out the password to your Walgreens account. It is a lack of disaster recovery capabilities like backups. When we sync our data to Chrome we create redundancy for ourselves. Should our computer hard drive die, it's definitely nice to log right back into Chrome and not miss a beat. We can keep our files safe and sound in Drive, Dropbox, or Box. Or we can leverage a service like Carbonite to back up our entire machine.

If you have any tips on improved security let us know!