If you use your favorite internet browsing program to save passwords for websites, you might want to rethink this policy. This includes all browser programs, Chrome, Firefox, IE and Safari. In 3 of these, I found the saved passwords were only protected by a user's password or in the case of Safari, the Admin password. The other major browser has a default policy of no password and will expose passwords with a few clicks of the mouse, however, it does allow you to set a Master password separate from a user password.
If you continue to use this method to save passwords please use a strong password and not one you use for all your protection including websites. However, if your browser uses a User or Admin password to protect saved website passwords, I have programs that can crack a forgotten password or generate a new password for a user. In the event your computer is stolen or accessed by a hacker or criminal, they can simply change your password and then proceed to steal your financial website's user name and password.
Lastly, beware this information is readily available using a Googe search.
Google Chrome
I knew about the Password list under settings of Google Chrome but I had never paid any attention to the settings and details of the list. Last week a client needed to be able to log in to a company web publishing account that was created by a user who had left the company. I suggested checking if they had saved the account password in Chrome. Then we could use Chrome to auto login and change the password. I checked the password list to see if the password was saved. What I found was that Chrome will easily spill all its content about passwords, Banks, Stocks, Credit Cards, Facebook, any password that is in the saved password list.
By default, passwords in Chrome's password list are masked by dots to prevent one from seeing the actual password, however by simply clicking on the eye icon next to a password Windows will prompt you for your user login password or pin and voila, all passwords can be viewed by clicking on the eye icon to the right of a saved password.
If you have ever shared your password with a family member, co-worker or haphazardly use easy passwords for protection then any financial, confidential or social media sites you visit that have a saved password can be viewed and compromised. And let me add this, if I know this then hackers and criminals know this and if your computer is compromised by a trojan or malware then they know where to look to get access to your confidential Financial and Personal information. These steps are easily found by Googling for the information.
To illustrate how to expose your password info under Chrome, click on the 3 dots in a line, upper right corner of Chrome browser, then select Settings from the drop-down.
Next click on Passwords,
When you do this the saved and not saved Password list appears
Once the list appears, all I have to do is click on the eye icon and the system will respond with the following Window asking for the computer password/pin.
Once you have provided the computer with the correct password/pin, Chrome will then allow you to reveal the hidden password for every saved account.
Below is my IBJJF password exposed (since changed)...
You might think all this is bad enough but no, there's more.
I have a Chromebook and Android phones. If you have provided your Gmail account to these devices and have Sync and personalize Chrome across your devices turned on, you can go to My Google and find all saved passwords from your Chrome and Android based devices.
Mozilla Firefox and Microsoft Internet Explorer
You may think I'm saying not to use Google Chrome or I am picking on Chrome. I started with Chrome because it is the most popular Windows Browser now. However, FireFox and IE both have the same issue.
The default setting for Firefox doesn't require you to provide a password/pin to show passwords. All you have to do in Firefox is click on the settings icon in the upper right of the Firefox browser, select options,
choose Privacy & Security,
next click on Login & Passwords, Saved Logins.
click on Saved Logins and you are 1 step away for revealing all saved passwords.
Note: Mozilla does allow you to "Use a master password" which you will want to do. This is a better option in my opinion than using the user password for a computer, however as stated this is not the default and Mozilla is wide open otherwise.
Internet Explorer
To accomplish the same feat in IE, go to Internet Tools. If your browser has the Menu Bar option on simply click on Tools and then select Internet Tools from the dropdown, if you don't see the Menu Bar you can access Internet Tools from the Control Panel.
Next click on the Content Tab and select Settings under AutoComplete
Click on Manage Passwords
To expose a password click on the carat symbol to the right of the password.
As you can see the user ID is already there, you will be asked to provide the user password/pin to reveal the password.
Safari
Apple's Safari browser protects Macs behind the Admin password. This is only as secure as the password is strong and breakable using 3rd party hacker software.
