Does Google Chrome Reflect Broader Browser Issue?

Does Google Chrome Reflect Broader Browser Issue?

Does Google Chrome reflect broader browser issue?

Last week, software developer, Elliott Kember, blogged that clicking on Chrome’s settings would return browser passwords in plain text if a thief briefly gained access to an unattended computer. Several publications reported on this apparent “security flaw” in the Google Chrome browser.google-chrome

Kember complained that, while the Chrome password store is designed to make it easier for consumers to use multiple passwords for different web applications, it is inherently insecure to have these saved in plain text within the browser.

Google has responded that giving anyone else access to your computer operating system renders it insecure and providing a master password would simply give consumers a false sense of security and encourage risky behavior.

Another expert warned that storing passwords in plain text also renders them vulnerable to malware designed to harvest passwords saved within browsers, so a data thief wouldn’t need to physically access the machine.

Writing in Wired, former Black Hat, Kevin Poulsen, agreed with Google that using a master password will not prevent a determined hacker. However, he suggests that Google could include a barrier to slow down unskilled opportunists from accessing the password store.

What Kember has failed to mention is that the storage of browser passwords is not restricted to Google Chrome, most browsers offer the ability to store passwords. If Firefox users don’t set a master password, then all log in details can be accessed easily, in plain text, with just a few lines of code.

The issue that this story really highlights is the use of IT features within the corporate world that were originally designed to provide convenience and ease of use to consumers. Security is often inconvenient and slows you down. This is why organisations have seen an increase in shadow IT, because consumers want to enjoy the same rapid access to applications and information, without being interrupted by security controls. There is an expectation among employees that they should be able to search, download and begin using an application within minutes on a mobile device, or browse the web, sign up with a company credit card and start consuming a SaaS-based service almost as quickly.

Before they make the move to cloud-based services, businesses must re-educate employees on how to safely use common browser features. IT managers cannot rely on employees to consider the risks associated with storing passwords in clear text within the browser. They must explain the potential consequences and put additional controls in place.

Chrome includes a setting to “Offer to save passwords I enter on the web”, as well as the option to synchronize stored passwords to a Google Account, so that they are available on other devices. Employees need to be made aware of these settings and IT staff may wish to remove them, using existing Chrome policies. Alternatively, businesses can implement an enterprise-grade Single Sign-On solution so that employees (or hackers) cannot access their passwords.

Enterprises that are moving to the cloud should also consider employing server-side authentication to web applications, to protect passwords from being compromised. Server-side authentication prevents web login credentials from being stored on devices. Users do not know their login details, so they cannot write them down, share them, or have them stolen via malware on the device.

By Richard Walters

Richard Walters is CTO of SaaSID, a vendor of web application control and auditing software that enables businesses to govern web applications with on premise equivalent authentication, application control and auditing.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Tesla Solar Plan Would Cost Billions To Implement

Tesla Solar Plan Would Cost Billions To Implement

A 1,500-word manifesto that Elon Musk unveiled last week, outlining his plan to expand Tesla Motors Inc.’s electric-vehicle line and to build “stunning solar roofs,” may end up costing the company tens of billions of dollars to carry out. Musk, Tesla’s chairman and chief executive officer, gave the estimate on Tuesday after a tour of the…

Healthcare IoT Security To Grow To $47 Billion In 2021

Healthcare IoT Security To Grow To $47 Billion In 2021

Healthcare IoT Security It’s obvious that IoT can make the entire healthcare industry more efficient. The kind of data involved can be used to save time, physical energy and operating costs. Because of this, devices that facilitate medical data are becoming more commonplace in the industry. This includes things such as wearables that can track…

Zoho Announces Industry’s First Multichannel CRM Service

Zoho Announces Industry’s First Multichannel CRM Service

Zoho News According to Gartner, the Customer Relationship Management (CRM) software market grew by 12.3% from $23.4 billion in 2014 to $26.3 billion in 2015. Suggests Julian Poulter, research director at Gartner, “The merger and acquisition activity that began flowing through the market in 2009 continued in 2015, with more than 30 notable acquisitions. This…

How The Cloud Is Changing Online Education

How The Cloud Is Changing Online Education

Online Education Growth There’s no doubt that the internet has changed the face of education over the last two decades. In fact, by some estimates more than 80 percent of college students expect to take at least some — if not all of their courses — online. Thousands of people have earned degrees without ever…

Investing In The Future With The Introduction of Sage Cloud

Investing In The Future With The Introduction of Sage Cloud

CHICAGO, IL–(Marketwired – Jul 26, 2016) – Sage, a market leader in cloud accounting software, announced today at Sage Summit 2016 its strong commitment to future technologies, with a focus on new and existing partnerships that power business growth. Revealed during CEO Stephen Kelly’s keynote address, which opened the world’s largest gathering of entrepreneurs and…

Cloud Services Providers – Learning To Keep The Lights On

Cloud Services Providers – Learning To Keep The Lights On

The True Meaning of Availability What is real availability? In our line of work, cloud service providers approach availability from the inside out. And in many cases, some never make it past their own front door given how challenging it is to keep the lights on at home let alone factors that are out of…

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating…

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Which Is Better For Your Company: Cloud-Based or On-Premise ERP Deployment?

Which Is Better For Your Company: Cloud-Based or On-Premise ERP Deployment?

Cloud-Based or On-Premise ERP Deployment? You know how enterprise resource management (ERP) can improve processes within your supply chain, and the things to keep in mind when implementing an ERP system. But do you know if cloud-based or on-premise ERP deployment is better for your company or industry? While cloud computing is becoming more and…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

Cloud Computing Checklist For Startups

Cloud Computing Checklist For Startups

Checklist For Startups  There are many people who aspire to do great things in this world and see new technologies such as Cloud computing and Internet of Things as a tremendous offering to help bridge and showcase their ideas. The Time Is Now This is a perfect time for highly ambitious startups to make some…

Most Active Internet Of Things Investors In The Last 5 Years

Most Active Internet Of Things Investors In The Last 5 Years

Most Active Internet Of Things Investors A recent BI Intelligence report claimed that the Internet of Things (IoT) is on its way to becoming the largest device market in the world. Quite naturally, such exponential growth of the IoT market has prompted a number of high-profile corporate investors and smart money VCs to bet highly…

Cloud Infographic – The Data Scientist

Cloud Infographic – The Data Scientist

Data Scientist Report The amount of data in our world has been exploding in recent years. Managing big data has become an integral part of many businesses, generating billions of dollars of competitive innovations, productivity and job growth. Forecasting where the big data industry is going has become vital to corporate strategy. Enter the Data…

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…

Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Using Big Data To Analyze Venture Capitalists’ Ability To Recognize Potential

Big Data To Analyze Using Big Data to Analyze Venture Capitalists’ Ability To Recognize Potential For those who are regularly involved with SMEs, venture capital, and company valuations, it is common knowledge that start-ups that exit for more than $1 billion dollars are extremely rare – often termed ‘unicorn’ companies. Despite their rarity, it should…