Does Google Chrome Reflect Broader Browser Issue?

Does Google Chrome reflect broader browser issue?

Last week, software developer, Elliott Kember, blogged that clicking on Chrome’s settings would return browser passwords in plain text if a thief briefly gained access to an unattended computer. Several publications reported on this apparent “security flaw” in the Google Chrome browser.google-chrome

Kember complained that, while the Chrome password store is designed to make it easier for consumers to use multiple passwords for different web applications, it is inherently insecure to have these saved in plain text within the browser.

Google has responded that giving anyone else access to your computer operating system renders it insecure and providing a master password would simply give consumers a false sense of security and encourage risky behavior.

Another expert warned that storing passwords in plain text also renders them vulnerable to malware designed to harvest passwords saved within browsers, so a data thief wouldn’t need to physically access the machine.

Writing in Wired, former Black Hat, Kevin Poulsen, agreed with Google that using a master password will not prevent a determined hacker. However, he suggests that Google could include a barrier to slow down unskilled opportunists from accessing the password store.

What Kember has failed to mention is that the storage of browser passwords is not restricted to Google Chrome, most browsers offer the ability to store passwords. If Firefox users don’t set a master password, then all log in details can be accessed easily, in plain text, with just a few lines of code.

The issue that this story really highlights is the use of IT features within the corporate world that were originally designed to provide convenience and ease of use to consumers. Security is often inconvenient and slows you down. This is why organisations have seen an increase in shadow IT, because consumers want to enjoy the same rapid access to applications and information, without being interrupted by security controls. There is an expectation among employees that they should be able to search, download and begin using an application within minutes on a mobile device, or browse the web, sign up with a company credit card and start consuming a SaaS-based service almost as quickly.

Before they make the move to cloud-based services, businesses must re-educate employees on how to safely use common browser features. IT managers cannot rely on employees to consider the risks associated with storing passwords in clear text within the browser. They must explain the potential consequences and put additional controls in place.

Chrome includes a setting to “Offer to save passwords I enter on the web”, as well as the option to synchronize stored passwords to a Google Account, so that they are available on other devices. Employees need to be made aware of these settings and IT staff may wish to remove them, using existing Chrome policies. Alternatively, businesses can implement an enterprise-grade Single Sign-On solution so that employees (or hackers) cannot access their passwords.

Enterprises that are moving to the cloud should also consider employing server-side authentication to web applications, to protect passwords from being compromised. Server-side authentication prevents web login credentials from being stored on devices. Users do not know their login details, so they cannot write them down, share them, or have them stolen via malware on the device.

By Richard Walters

Richard Walters is CTO of SaaSID, a vendor of web application control and auditing software that enables businesses to govern web applications with on premise equivalent authentication, application control and auditing.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

NEWS

CIOs Cutting Through the Hype and Delivering Real Value from Machine Learning, Survey Shows 

CIOs Cutting Through the Hype and Delivering Real Value from Machine Learning, Survey Shows 

New survey reveals progressive CIOs tap machine learning to solve everyday work problems SANTA CLARA, Calif. – October 17, 2017– A ...
IBM’s cloud, cybersecurity and data analytics business rose 11 percent to $8.8 billion in the quarter

IBM’s cloud, cybersecurity and data analytics business rose 11 percent to $8.8 billion in the quarter

Big Blue back on the attack, analysts cautious (Reuters) - IBM shares surged 5 percent on Wednesday after the world’s ...
New IDC Spending Guide Forecasts Nearly $120 Billion in Worldwide Spending on Security Products and Services in 2021

New IDC Spending Guide Forecasts Nearly $120 Billion in Worldwide Spending on Security Products and Services in 2021

FRAMINGHAM, Mass., October 19, 2017 – Worldwide spending on security-related hardware, software, and services is forecast to reach $119.9 billion in ...

CONTRIBUTORS

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...
Cloud Services Are Vulnerable Without End-To-End Encryption

Cloud Services Are Vulnerable Without End-To-End Encryption

End-To-End Encryption The growth of cloud services has been one of the most disruptive phenomena of the Internet era.  However, ...
Forget What You Have Heard About the Retail Apocalypse. Due to the Cloud Retailing is Booming

Forget What You Have Heard About the Retail Apocalypse. Due to the Cloud Retailing is Booming

Cloud Retailing is Booming Huh? You’ve heard that retail is dying. What if you were to learn that more jobs ...
Big Data Gives Insight to Consumer Trends

Big Data Is a Competitive Advantage in Any Industry

Big Data Competitive Advantage The various ways major companies — and even entire industries — have begun utilizing methods to ...
Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices in a Cloud-based World

Part 2: Strategies for Securing Mobile Devices With workplace mobility now a way of life and companies investing in cloud-based ...
Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the ...
Safeguarding Data When Employees Leave The Company

Safeguarding Data When Employees Leave The Company

Safeguarding Data Employee turnover is unavoidable. According to CompData Consulting, the average employee turnover rate in 2015 in the US ...
Four Trends Driving Demand For Data Security In 2017

Four Trends Driving Demand For Data Security In 2017

Data Security Trends 2017 will be a hallmark year for security in the enterprise as all industries have reached a ...

SPONSORS

Hybrid IT Matures Just In Time To Tackle Complex Challenges

Hybrid IT Matures Just In Time To Tackle Complex Challenges

Tackling Complex IT Challenges Today’s sophisticated business environment demands a dynamic and robust IT infrastructure which is a far cry ...
Ransomware's Great Lessons

Ransomware’s Great Lessons

Ransomware The vision is chilling. It's another busy day. An employee arrives and logs on to the network only to ...
Scale your Windows Azure application

Help Your Business Improve Security By Choosing The Right Cloud Provider

Choosing The Right Cloud Provider Security issues have always been a key aspect of business planning; failure to properly protect ...

GET READY FOR CLOUD MICROSERVICES

So, is microservices the answer? What are the pitfalls? Is this the path you really want to lead your company down?

On November 8 at 2:30 p.m. ET, join hosts JP Morgenthal, Steve Prentice and Kalyan Ramanathan for a vibrant and interactive online discussion specifically about the pitfalls of microservices, including management, sprawl, and decomposition – and how to avoid them.

JP