Does Google Chrome Reflect Broader Browser Issue?

Does Google Chrome Reflect Broader Browser Issue?

Does Google Chrome reflect broader browser issue?

Last week, software developer, Elliott Kember, blogged that clicking on Chrome’s settings would return browser passwords in plain text if a thief briefly gained access to an unattended computer. Several publications reported on this apparent “security flaw” in the Google Chrome browser.google-chrome

Kember complained that, while the Chrome password store is designed to make it easier for consumers to use multiple passwords for different web applications, it is inherently insecure to have these saved in plain text within the browser.

Google has responded that giving anyone else access to your computer operating system renders it insecure and providing a master password would simply give consumers a false sense of security and encourage risky behavior.

Another expert warned that storing passwords in plain text also renders them vulnerable to malware designed to harvest passwords saved within browsers, so a data thief wouldn’t need to physically access the machine.

Writing in Wired, former Black Hat, Kevin Poulsen, agreed with Google that using a master password will not prevent a determined hacker. However, he suggests that Google could include a barrier to slow down unskilled opportunists from accessing the password store.

What Kember has failed to mention is that the storage of browser passwords is not restricted to Google Chrome, most browsers offer the ability to store passwords. If Firefox users don’t set a master password, then all log in details can be accessed easily, in plain text, with just a few lines of code.

The issue that this story really highlights is the use of IT features within the corporate world that were originally designed to provide convenience and ease of use to consumers. Security is often inconvenient and slows you down. This is why organisations have seen an increase in shadow IT, because consumers want to enjoy the same rapid access to applications and information, without being interrupted by security controls. There is an expectation among employees that they should be able to search, download and begin using an application within minutes on a mobile device, or browse the web, sign up with a company credit card and start consuming a SaaS-based service almost as quickly.

Before they make the move to cloud-based services, businesses must re-educate employees on how to safely use common browser features. IT managers cannot rely on employees to consider the risks associated with storing passwords in clear text within the browser. They must explain the potential consequences and put additional controls in place.

Chrome includes a setting to “Offer to save passwords I enter on the web”, as well as the option to synchronize stored passwords to a Google Account, so that they are available on other devices. Employees need to be made aware of these settings and IT staff may wish to remove them, using existing Chrome policies. Alternatively, businesses can implement an enterprise-grade Single Sign-On solution so that employees (or hackers) cannot access their passwords.

Enterprises that are moving to the cloud should also consider employing server-side authentication to web applications, to protect passwords from being compromised. Server-side authentication prevents web login credentials from being stored on devices. Users do not know their login details, so they cannot write them down, share them, or have them stolen via malware on the device.

By Richard Walters

Richard Walters is CTO of SaaSID, a vendor of web application control and auditing software that enables businesses to govern web applications with on premise equivalent authentication, application control and auditing.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

The Success Formula For Private Cloud Deployments

The Success Formula For Private Cloud Deployments

OpenStack For Private Clouds On February 15th Tom Bittman of Gartner published a blog which asserted that 95% of Private Clouds are Failing. When an industry analyst makes a statement that big, in one of the top three priorities for enterprise CIOs today, it’s critical that we as an industry step back and understand how we…

The Rise Of The iPro: How Cloudware Has Helped To Develop A Responsive Business Generation

The Rise Of The iPro: How Cloudware Has Helped To Develop A Responsive Business Generation

The Rise Of The iPro Overview: Independent professionals are playing a more important role in business by the day, but how much has the introduction and adoption of cloudware helped to develop a generation of workers that are working more flexibly and efficiently than ever before? iPros, or ‘independent professionals’, are becoming increasingly common in…

Hoarders And Data Collectors:  On The Brink Of Unmanageability

Hoarders And Data Collectors: On The Brink Of Unmanageability

Hoarders and Data Collectors In our physical world, hoarders are deemed “out of control” when they collect too much.  Surely the same analogy applies in our online world.  When providers collect realms of data from us, it seems they lose control of that too?  In the last months it’s not just the frequency of data…

Dreaming of a Cloud Transition and Transformation Framework

Dreaming of a Cloud Transition and Transformation Framework

Cloud Transition and Transformation Framework Many years ago I was introduced to the concepts that comprise the visual architecture process. During the process of learning about the concepts and process of visual architecture, I adopted many of the concepts, ideas and tools to use in my own processes. In particular, there was a component that…

5 Ways The Latest Cloud Tools Can Help Increase Sales

5 Ways The Latest Cloud Tools Can Help Increase Sales

Cloud Tools Can Help Increase Sales How new cloud technology can help you source, manage and close more leads. We take a look at how you can use cloud software to boost your sales team’s productivity and clinch more of those all-important deals! Selling and Marketing is integral to every business and a company’s sales team…

On-Premise VoIP vs The Cloud

On-Premise VoIP vs The Cloud

Modern Day Phone Systems The jargon in the business phone system industry is enough to make even the most tech-savvy entrepreneur’s head spin. However, if we cut through all the strange wording and focus on the features that make each system unique, we can develop enough of an understanding to make a well-informed decision for…

Small Technology Providers (STPs) — VARs, ISVs, Integrators, And SME Consultants

Small Technology Providers (STPs) — VARs, ISVs, Integrators, And SME Consultants

Small Technology Providers (STPs) Continuation from last weeks article. See the article here  Here’s the opportunity for little / middle guy.  It’s funny, I’m a big networker and I can’t tell you how many conversations I’ve had with IT folk across all these specialty functions and everyone says the same thing:   They all felt like…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor