Storing passwords in Google Chrome is a bad idea says researcher

A software developer has claimed that Google’s Chrome web browser isn’t the best of the browsers when it comes to trusting it with confidential information such as your passwords.

While working on a project, Elliot Kember decided to switch from Safari to Chrome and while doing so he decided to go ahead and import his bookmarks to the latter in a bid to keep everything synchronized between the two browsers. One thing Kember noticed was the option of importing “Saved passwords” which according to him is an “illusion of choice”. The option shouldn’t have been there in the first place as it was a mandatory step in importing the data to the browser.

Further, the developer notes that there is an option in the Chrome’s settings panel wherein it shows all the saved passwords. We verified this with our Chrome browser on Windows 7 Ultimate and we also saw the same thing (below).

Chrome password screen 1

There is an option to show the password which if clicked does exactly what it is meant to do – shows your password in plain text. Considering that there is no master password blocking access to this particular option, the developer is led to believe that Google is itself not clear on its password strategy.

Chrome, when it particularly stores passwords for websites on Mac OS tends to mislead users claims Kember. Chrome, while saving a password, states that it is going to use a user’s confidential information that is stored in your keychain. Considering that Chrome is using the words ‘confidential information’ it is itself violating the security provided by your keychain by showing the password in plain text – that too without a master password controlling it.

Read the entire analysis here on Kember’s blog.