close
MENU
Hot Topic EARNINGS
How to guide
How to guide
Home
The NBR Rich List
NBR Marketplace
NBR Video

Categories

General Business Investment Economics Te Ao Māori Politics Infrastructure Australia Tech & Innovation Finance Law Professional Services Primary Industries Retail Property Deals Marketing & Media Tourism Energy Luxury Property Aviation News Comings & Goings

Analysis

All Economy Matters Edwards on Politics Hunter’s Corner Last Word Margin Call On the Money Shoeshine Underarm NBR Focus

Featured

The NBR Rich List NBR Video Toil & Trouble Politically Speaking Morning Brew Dollars & Sense Startup Stars The Grind Market Outlook Executive Health Market Review Students’ Say The NBR Podcast Opinion (Archive) NBR Radar (Archive) Local Edge Private Bin NZ Aviation News (Archive) NBR Rich List (Archive) Your Business Audio Articles NBR Marketplace
Hot Topic EARNINGS
2 mins to read
4

Kiwi highlights 'insane' Google web browser flaw that displays all your passwords

NBR staff
 Fri, 09 Aug 2013
© All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.

Google's popular Chrome web browser has a peculiar security setup that lets anyone sitting at your PC see all of your website passwords.

Auckland-raised, UK based software developer Elliott Kember stumbled on the fact that if you type chrome://settings/passwords into the address bar (where you usually type a website address), Chrome will list all your website logons and passwords. Passwords are asterixed out, but there's also a Show option. Click it, and you'll see any password in plain text.

That means anyone who access your PC (or smartphone or tablet) can simply write down logons and passwords to numerous sites you access.

NBR technology editor Chris Keall tried it, and found Chrome coughed up passwords to sites like Twitter and Instagram*, but not others that are set to never let a web browser remember a password, such as his bank and Trade Me.

Even with sites that allowed passwords to be saved the list was not nearly complete. Still, given so many people use the same password (or small pool of passwords) for many sites, it's a potentially useful tool for the maliciously-inclined.

Mr Kember's efforts were highlighted by The Guardian, and Computerworld called on Google to introduce a master password. But it not immediately clear if the company would change Chrome's setup.

Google had yet to get in touch, the software developer told NBR ONLINE.

If you're a Chrome user and worried about it, make sure your PC or gadget of choice has a password-protected lockscreen, and enable it before you shoot off to lunch.

And if you're willing to make the convenience trade off, you can choose for Chrome to never remember the password to a given site.

* And, yes, NBR, which allows up to five devices to remember a logon. As ever, there's a tradeoff between convenience, and maximum password protection.

 

NBR staff
 Fri, 09 Aug 2013
© All content copyright NBR. Do not reproduce in any form without permission, even if you have a paid subscription.
Tags
Technology Google

Free News Alerts

Sign up to get the latest stories and insights delivered to your inbox – free, every day.

I’m already subscribed/joined

Free News Alerts

Sign up to get the latest stories and insights delivered to your inbox – free, every day.

I’m already subscribed/joined
Kiwi highlights 'insane' Google web browser flaw that displays all your passwords
31439
false
Subscribe Login