This may be true, but it's important to always frustrate both simple attacks and the technically difficult ones by reducing the attack surface area wherever possible. Google says the only strong permission boundary for password storage is the OS account and that additional controls give a false sense of security. They don't have to be experienced hackers, know how to install malware or even have a high level of technical proficiency to access all of the owner's Web-based accounts. The fact that Chrome doesn't require a master password to view all the saved passwords means giving someone just a few minutes to borrow your computer - be it to check their email or the latest basketball score - would enable them to snoop on your email, social media and other online accounts. Google offers a valid argument and although best practice is to log out of the operating system when leaving a computer unattended, it isn't always practical, particularly in out-of-office situations. Google's response to this perceived security weakness is that in this situation anyone could easily take control of the machine by installing monitoring software or malicious extensions to intercept browsing activity. Here you will notice that any saved passwords are visible in plaintext, meaning anyone with physical access to the device can easily view the user's saved passwords to online accounts as long as the owner is logged into the operating system account. To get to the password section of Google Chrome's settings panel, type chrome://settings/passwords into the address bar. SearchSecurity expert Michael Cobb is standing by to answer your questions about application security and platform security.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |