Saved passwords in Chrome aren't as safe as you might think 

A topic that has always generated discussion is password security: from choosing passwords to storing them for later use, it is something that demands special attention.

One of the solutions that has worked "well" up to a point is the password manager, which stores access credentials, fills them into forms and, above all, suggests secure passwords to the user.

We have talked about several of these here on the blog and recommended them, and various web browsers have already implemented their own solution. In this article we will talk about Chrome's.

Every time a Chrome user logs in to a site or social media platform, they have the option to save their login data so they don't have to re-enter their credentials next time.

However, the cybersecurity firm ESET believes that while this feature can save users time, it cannot protect their passwords and credentials from hackers.

In a report, the Slovak company ESET addresses the issue of password security: whether users should trust this password management function and what can happen if things go wrong.

If a hacker breaks into the system, they will have unlimited access to the user's browsing information, as well as all the data installed and saved on the device. Not only that, but even the passwords saved in Google Chrome will be in the hands of the attackers. This is not the first time such an attack has occurred.

Hackers have long been making their way into the files where users keep all their passwords and other valuable information, such as bank details.

The file with the saved login data is a database kept in a folder in local storage. "DB Browser for SQLite" is then used to extract all the data stored in the file. This data includes links, usernames and passwords.

Although the stored data is encrypted, the hacker has the advantage of being able to control the victim's device. Thus, the password is decrypted using CryptUnprotectData.

A hacker can perform these steps manually; specially programmed malware, on the other hand, can decrypt the information instantly. And not just malware: even some online links can hide bugs that harbor such malware, capable of taking over any system.
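One way a defender can watch for the access pattern described above, as an added example that is not from the original article or from ESET's report: it flags any process other than the installed browser that touches Chrome's saved-login database. The event schema, the allow-listed install paths and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Chrome's per-profile saved-login SQLite database on Windows
# (the profile directory is "Default", "Profile 1", ...).
LOGIN_DB = re.compile(
    r"\\google\\chrome\\user data\\[^\\]+\\login data(-journal)?$",
    re.IGNORECASE,
)

# Assumption: allow-list by full image path rather than file name, so a
# binary that is merely called chrome.exe elsewhere on disk is still flagged.
ALLOWED_IMAGES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\google\chrome\application\chrome.exe",
}


def suspicious_reads(events):
    """Return events where a non-allow-listed process opened the login DB."""
    hits = []
    for ev in events:
        target = ntpath.normpath(ev["target"])
        image = ntpath.normpath(ev["image"]).lower()
        if LOGIN_DB.search(target) and image not in ALLOWED_IMAGES:
            hits.append(ev)
    return hits


# Constructed file-access events (hypothetical schema, not real telemetry).
PROFILE = r"C:\Users\ana\AppData\Local\Google\Chrome\User Data"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": PROFILE + r"\Default\Login Data"},
    {"image": r"C:\Users\ana\AppData\Local\Temp\chrome.exe",
     "target": PROFILE + r"\Profile 1\Login Data"},
    {"image": r"C:\Users\ana\Downloads\invoice_viewer.exe",
     "target": PROFILE + r"\Default\LOGIN DATA"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "target": r"C:\Users\ana\Documents\notes.txt"},
]

if __name__ == "__main__":
    for hit in suspicious_reads(SAMPLE_EVENTS):
        print("ALERT:", hit["image"], "->", hit["target"])
```

Backup or antivirus tools that legitimately read the profile would need to be added to the allow-list before a rule like this is used for alerting.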

That's why the best way to prevent this kind of thing from happening is to not save important passwords related to banks, medical records, or any major social media platforms.

And although many may say that for this to happen the attacker must have access to the computer, we must know that anyone with sufficient knowledge will be able to access the victim's computer, either in person or by inducing the victim to take some action (say, installing something, giving up relevant information or any other method that leads to gaining access).

Or, as also mentioned, the victim only needs to install something designed by the hacker for the hacker to get the database and then obtain the data of interest.

Finally, it is worth mentioning that being able to see the passwords stored in a browser is in itself nothing new, nor is it the invention of the wheel.

What is worth mentioning is that browser developers, researchers and firms, among others, have taken all this into account. In the case of Chrome, the subject of this article, viewing the saved passwords now requires the credentials used to access the system, as for example in the case of Windows, but it is still not enough.

That is why we recommend the use of cross-platform password managers, especially open source ones.

