Protect Your Passwords: Why You Should Avoid Chrome's Password Manager
Welcome to another post from Tech on Myke Educate. As our online activities continue to surge, users find themselves creating multiple accounts on various websites. This increase in online accounts naturally leads to a rise in the number of passwords, making it challenging to remember them all. When logging into an account, Google Chrome often offers to save passwords within the browser. This convenience is tempting, and many of us allow Google Chrome to save our passwords. However, this might be a significant mistake.
A recent Google Chrome bug resulted in the loss of passwords for 15 million Windows users, impacting industries such as banking and healthcare. The 18-hour problem brought into question the dependability of online password managers.
How Your Passwords Get Compromised in Google Chrome
When you open Google Chrome on a Windows device and navigate to the settings to check your saved passwords, Chrome will ask for Windows login credentials to reveal the passwords. At first glance, this seems secure. However, there's a significant loophole in Google's Smart Lock feature.
If you use a shared device or if a hacker gains remote access to your device, they can easily uncover your saved passwords. Here's how it works:
- Accessing Passwords: A hacker would open Google Chrome and go to its settings.
- Autofill and Password Manager: They would then go to Autofill and open the Password Manager. Although they cannot check the passwords directly (as Google Smart Lock will ask for Windows credentials), they can see the names and URLs of the websites for which you have saved passwords.
- Exploiting Autofill: By navigating to a specific website, like Facebook, Chrome will automatically fill in the username and password or ask for approval to autofill the login credentials. If the website has an "i" button beside the password field, hackers can simply click it to reveal the password.
Bypassing the "i" Button
Even if a website does not have an "i" button to reveal passwords, hackers can still bypass this security measure. Here's how:
- Example Website: Using the website Remember The Milk as an example, which does not have an "i" button.
- Inspect Element: Right-click on the website and select "Inspect" to open Chrome Dev Tools.
- Edit as HTML: Right-click on the body tag and select "Edit as HTML." Scroll down to find the value type="password."
- Change to Text: Change "password" to "text" and click anywhere in the Dev Tools.
- Reveal Passwords: Minimize Chrome Dev Tools, and the actual passwords will be visible instead of asterisks. This simple trick does not require any programming knowledge.
The Optimal Solution
The best way to protect your passwords is to avoid using Chrome's built-in password manager. Instead, switch to a third-party cloud-based password manager. Modern password managers provide Chrome extensions to access the program directly within Chrome. If you're unfamiliar with password managers, you can check out our previous articles for more information.
Recommendations
Premium Password Manager: Our top recommendation is NordPass. It offers robust security features and seamless integration.
Free Password Manager: If you prefer a free option, consider Bitwarden. It provides excellent security and functionality without the cost.
Support and Subscribe
If you found this post helpful, please subscribe to our channel using this link: http://www.youtube.com/@MykeEducate and press the bell icon for updates. For more amazing tech articles, continue reading.
That's all for now. Stay tuned for our next post on another exciting tech topic.