Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Google Chrome password “bug” – security flaw or feature?

Google Chrome password “bug” – security flaw or feature?

Google’s Chrome browser doesn’t hide your saved passwords, but is that a bad thing?

These days we’re expected to remember dozens of passwords, with security experts insisting that they be long, complicated and unique. Keeping track of all your passwords can become almost a full time job in itself, so any help is much appreciated.

To make life easier, modern web browsers offer to remember your passwords so you don’t need to type them in every time you visit popular sites like Gmail, Facebook and Twitter. Having your browser remember your passwords can be a real time-saver. In some ways it also helps with online security, letting you use long and complicated passwords without the hassle of remembering them all.

The trouble with letting your browser remember your passwords is that if someone gets their hands on your computer they might have easy access to all your passwords. I noticed this a few years ago when I first switched from Firefox to Chrome as my default web browser. This password issue is nothing new, even though it’s made the headlines recently.

Firefox let me set a Master Password, which I needed to enter before I could see my full list of saved passwords. It’s not enabled by default, I needed to open the Security tab in the Preferences and tick “Use Master Password”. Enabling this seemed like a reasonable extra security precaution, even though my computer is locked with a password so I’m not too concerned about people snooping around.

When I first installed Chrome I was frustrated to discover that it’s happy to remember your passwords but doesn’t let you set a Master Password. This means anyone using my computer can type “chrome://settings/passwords” into Chrome’s URL bar and see a full list of my saved passwords. It’s a disturbing sight when you’ve had it drummed into you that your passwords must be kept secret.

Chrome’s lack of a Master Password really bothered me, so I did some research and soon discovered that it wasn’t a “security flaw” but rather a deliberate choice by Chrome’s developers. Their argument is that saving your passwords in your browser creates security risks, whether you use a Master Password or not. If someone has access to your computer and knows what they’re doing they can bypass a Master Password. Using one only lulls people into a false sense of security.

Removing a security feature to encourage security awareness naturally doesn’t sit well with some people. Of course many of them weren’t aware of the issue at all until it made news recently. Now they’re horrified to discover their passwords are in plain view and some are considering abandoning Chrome completely. A Master Password might not keep out determined hackers with access to your computer, but it would at least foil family members trying to sneak a peek at your Facebook password.

Even with the Master Password issue I was still determined to make the switch from Firefox to Chrome, so I decided it was time to investigate third-party password management services such as 1Password, LastPass, KeePass and Roboform. These let you store your passwords securely online or in an encrypted file on your computer, rather than simply saving them in the browser. It’s protected by a Master Password but some online options like LastPass offer the added protection of two-factor authentication.

Now that I use a secure password locker I don’t let any of my browsers remember passwords. You might argue that I’ve swapped one security risk for another, but these password lockers are generally considered a lot more secure than the password features in web browsers. Rather than freak out about Google’s lack of a Master Password, you should also use it as an excuse to reevaluate your approach to password management.


Recent News

This week, Apple released an update to its macOS operating system to macOS Big Sur 11.5.1. Unusually for Apple, it detailed exactly what kind of security issue it relates to. Specifically, it patches a hole that would allow attackers to execute arbitrary code with kernel privileges. If that sounds like so much techno-mumbo-jumbo to you,

I’ve not had a standard landline in my home for quite some time now. Partly that was because I very much did switch over to using my smartphone a great deal more over time. Mostly, however, it was because getting rid of it was one of the simplest ways to cut off those interminable “support

Social media can be a huge force for change, and in these times where many of us are bouncing in and out of lockdowns, also a vital lifeline for communication on everything from important matters to the wildly trivial. We’re all allowed our personal obsessions, after all. However, many of us don’t think about the

Microsoft recently released its first public-facing beta version of the Windows 11 operating system that it will ship later this year. You’ve got to be signed up to its Windows Insider program to get it – and be willing to accept a little risk in terms of unstable operating systems – but then this is

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More