Major Password Security Flaw Exposed In Chrome

[roamingguy 300291]

http://www.geektown.ca/2013/08/major-password-security-flaw-exposed-in-chrome.html

 

RG

[PistolPete 61421]

I memorize all my passwords (even when they are changed), I never save them on a browser.

[Bianca Jaguar 39183]

Good thing Pete, in my case I write them down now...so much a brain can remeber!:icon_frown:

 

I don't use chrome anymore...too much issues with it

[Phaedrus 209521]

Firefox also does this, although you can set a master password for the browser to prevent it. Apparently IE stores the same information but it's a little harder to get.

 

Really, everyone here should be paying attention to this - unless you're completely open about what you're up to with everyone. Do you really want your SO finding your CERB username and password? It could quite easily happen. Do you want ANYONE finding your bank account password?

 

This is more than a little worrying.

[canuckhooker 19202]

Why anyone would save a password in the browser is beyond me. It is such a huge potential security flaw.

 

I just use "Hello" as my password for all my sites and I am set. Never have to worry about forgetting it, and it is not saved anywhere. Nobody would guess that, right? :P

[Guest f***nds4f**]

I am using RoboForm password program. It works well. If you use under ten passwords, it is free.

 

There are some other free password management programs.

http://www.techrepublic.com/blog/five-apps/five-free-and-secure-password-management-apps/

[Guest S*rca****sid]

I am using RoboForm password program. It works well. If you use under ten passwords, it is free.

 

There are some other free password management programs.

http://www.techrepublic.com/blog/five-apps/five-free-and-secure-password-management-apps/

Wow, you get to use up to 10 free? Try using one of these alternatives and they give you unlimited storage of passwords.... and they are free.

 

<a href="https://lastpass.com/" target="_blank">LastPass</a>

<a href="https://www.dashlane.com/en/" target="_blank">Dashlane</a>

<a href="http://keepass.info/" target="_blank">KeePass</a>

 

LastPass is the most popular and easiest to use. Both LastPass and Dashlane have mobile apps for mobile devices, but I believe there is an additional cost.

 

KeePass is the only one that is stored locally (which means you don't need an internet connection) on your computer and it has the most features. This is open source which keeps is free, but it is for the more advanced user.

[Boomer 33202]

Good of RG to point this problem out, but it seems to me that it should remind us all to take great care with our security. Today passwords are used for so many things and across multiple platforms, one has to have a well thought out plan. I personally use three different levels, the first is low level and I can use it for multiple accounts, no real problem because their is no personal data to be gleaned here. The second mid level where I have a few passwords which I use some simple variations to access various services.

 

The third is what I would refer to as secure and I select these carefully (bank account, credit cards) and try to use all the tricks, upper and lower case, alpha numeric, and lengthy passwords. The problem is of course that my memory isn't what it used to be, so I use a password vault for storage. First I have a good strong password to access it, and then it's designed to destroy the information if more than three invalid attempts to access it are made. I can always recover it from a backup which is keep away from the computer and not accessible offline.