Does Google Chrome Reflect Broader Browser Issue?

Does Google Chrome Reflect Broader Browser Issue?

Does Google Chrome reflect broader browser issue?

Last week, software developer, Elliott Kember, blogged that clicking on Chrome’s settings would return browser passwords in plain text if a thief briefly gained access to an unattended computer. Several publications reported on this apparent “security flaw” in the Google Chrome browser.google-chrome

Kember complained that, while the Chrome password store is designed to make it easier for consumers to use multiple passwords for different web applications, it is inherently insecure to have these saved in plain text within the browser.

Google has responded that giving anyone else access to your computer operating system renders it insecure and providing a master password would simply give consumers a false sense of security and encourage risky behavior.

Another expert warned that storing passwords in plain text also renders them vulnerable to malware designed to harvest passwords saved within browsers, so a data thief wouldn’t need to physically access the machine.

Writing in Wired, former Black Hat, Kevin Poulsen, agreed with Google that using a master password will not prevent a determined hacker. However, he suggests that Google could include a barrier to slow down unskilled opportunists from accessing the password store.

What Kember has failed to mention is that the storage of browser passwords is not restricted to Google Chrome, most browsers offer the ability to store passwords. If Firefox users don’t set a master password, then all log in details can be accessed easily, in plain text, with just a few lines of code.

The issue that this story really highlights is the use of IT features within the corporate world that were originally designed to provide convenience and ease of use to consumers. Security is often inconvenient and slows you down. This is why organisations have seen an increase in shadow IT, because consumers want to enjoy the same rapid access to applications and information, without being interrupted by security controls. There is an expectation among employees that they should be able to search, download and begin using an application within minutes on a mobile device, or browse the web, sign up with a company credit card and start consuming a SaaS-based service almost as quickly.

Before they make the move to cloud-based services, businesses must re-educate employees on how to safely use common browser features. IT managers cannot rely on employees to consider the risks associated with storing passwords in clear text within the browser. They must explain the potential consequences and put additional controls in place.

Chrome includes a setting to “Offer to save passwords I enter on the web”, as well as the option to synchronize stored passwords to a Google Account, so that they are available on other devices. Employees need to be made aware of these settings and IT staff may wish to remove them, using existing Chrome policies. Alternatively, businesses can implement an enterprise-grade Single Sign-On solution so that employees (or hackers) cannot access their passwords.

Enterprises that are moving to the cloud should also consider employing server-side authentication to web applications, to protect passwords from being compromised. Server-side authentication prevents web login credentials from being stored on devices. Users do not know their login details, so they cannot write them down, share them, or have them stolen via malware on the device.

By Richard Walters

Richard Walters is CTO of SaaSID, a vendor of web application control and auditing software that enables businesses to govern web applications with on premise equivalent authentication, application control and auditing.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Conquering Disease with Artificial Intelligence and IBM Watson

Conquering Disease with Artificial Intelligence and IBM Watson

Artificial Intelligence and IBM Watson Artificial Intelligence, or AI, is growing increasingly pervasive in today’s modern world. Perhaps the most publicized and recognizable application of AI to date, IBM’s Jeopardy-winning computer, Watson, is now being used to help cure cancer. IBM announced the development of Watson for Genomics on Wednesday at the National Cancer Moonshot…

The Fundamentals of Predictive Analysis

The Fundamentals of Predictive Analysis

Predictive Analysis  Article sponsored by SAS Software and Big Data Forum Analytics is playing an increasingly important role in our lives thanks in large part to internet of things (IoT) developments and a greater appreciation of Big Data. With solutions that range across business productivity, health care, individual and national security, new insights are regularly…

Clouding Around With The Unicorns

Clouding Around With The Unicorns

The Social Unicorn Early investors and technology consumers alike love the poignantly named “Unicorn” companies, or private startups that reach the $1 billion valuation. The most recent unicorn spotting is social media game-changer Snapchat, which was recently valued at $16 billion. According to a recent infographic from Alexa discovered via Adweek, Snapchat also proves to…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Increasing Efficiency and Reducing Cost with Managed Printing Services

Increasing Efficiency and Reducing Cost with Managed Printing Services

Managed Printing Services This is a sponsored post written on behalf of HP MPS.  Today’s business leaders recognize the value of shared services, significantly providing a wide range of enterprises with the sophisticated tools they need to compete with big business, while additionally driving costs down. But an area often overlooked in our tech-savvy world…

10 Trending US Cities For Tech Jobs And Startups

10 Trending US Cities For Tech Jobs And Startups

10 Trending US Cities For Tech Jobs And Startups Traditionally actors headed for Hollywood while techies made a beeline for Silicon Valley. But times are changing, and with technological job opportunities expanding (Infographic), new hotspots are emerging that offer fantastic opportunities for tech jobs and startup companies in the industry. ZipRecruiter, an online recruitment and job…

5 Reasons Why Your Startup Will Grow Faster In The Cloud

5 Reasons Why Your Startup Will Grow Faster In The Cloud

Cloud Startup Fast-tracking Start-ups face many challenges, the biggest of which is usually managing growth. A start-up that does not grow is at constant risk of failure, whereas a new business that grows faster than expected may be hindered by operational constraints, such as a lack of staff, workspace and networks. It is an unfortunate…

Cloud Computing Is Greener Than You Think

Cloud Computing Is Greener Than You Think

Cloud Computing Is Greener Than You Think Last week we touched upon how a project in Finland had blended two of the world’s most important industries, cloud computing and green technology, to produce a data centre that used nearby sea water to both cool their servers and heat local homes.  Despite such positive environmental projects, there…

Cloud Infographic: The Future of File Storage

Cloud Infographic: The Future of File Storage

 The Future of File Storage A multi-billion dollar market Data storage has been readily increasing for decades. In 1989, an 8MB Macintosh Portable was top of the range; in 2006, the Dell Inspiron 6400 became available, boasting 160GB; and now, we have the ‘Next Generation’ MacBook Pro with 256GB of storage built in. But, of course,…

Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Big Data To Analyze Using Big Data to Analyze Venture Capitalists’ Ability To Recognize Potential For those who are regularly involved with SMEs, venture capital, and company valuations, it is common knowledge that start-ups that exit for more than $1 billion dollars are extremely rare – often termed ‘unicorn’ companies. Despite their rarity, it should…

Infographic Introduction – Benefits of Cloud Computing

Infographic Introduction – Benefits of Cloud Computing

Benefits of Cloud Computing Based on Aberdeen Group’s Computer Intelligence Dataset, there are more than 1.6 billion permutations to choose from when it comes to cloud computing solutions. So what, on the face of it, appears to be pretty simple is actually both complex and dynamic regardless of whether you’re in the market for networking,…

M2M, IoT and Wearable Technology: Where To Next?

M2M, IoT and Wearable Technology: Where To Next?

M2M, IoT and Wearable Technology Profiling 600 companies and including 553 supporting tables and figures, recent reports into the M2M, IoT and Wearable Technology ecosystems forecast opportunities, challenges, strategies, and industry verticals for the sectors from 2015 to 2030. With many service providers looking for new ways to fit wearable technology with their M2M offerings…