If you’re a Google Chrome user, you might be alarmed to know how willing your trusted web browser is to show off your secret passwords. If you go to Chrome’s settings > then advanced settings > then manage saved passwords, Chrome will show you a list of all the saved passwords you have for various sites, showing your account’s usernames and passwords in plain text side by side.
This means that if you forget to sign-out of Chrome on a public computer or if you let a friend use your laptop, you’re then giving others access to every single one of your stored passwords in plain text. While a number of other browsers and services use a master password before that kind of information is accessed, Chrome doesn’t currently support that option.
This isn’t a new thing with Chrome either, it’s just that only now has it received widespread attention. Google Chrome developer Justin Scuh states that this is the way Google intends to keep it:
We’ve also been repeatedly asked why we don’t just support a master password or something similar, even if we don’t believe it works. We’ve debated it over and over again, but the conclusion we always come to is that we don’t want to provide users with a false sense of security, and encourage risky behavior. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything.
Now take this knowledge and use it for good and not evil.
