Following reports from users, Google has increased security on the latest build of its Chromium web browser for Mac, allowing users to access saved passwords only after verifying the system password. Chromium is the open source project that shares code with Google's Chrome and provides the backbone to the browser.
The security enhancement was first reported by developer Francois Beaufort via a Google+ post. He said that users testing the latest Chromium build can enable reauthentication through the URL 'chrome://flags/#enable-password-manager-reauthentication' flag, following which users who're trying to reveal a plain text password in chrome's settings will be prompted to reauthenticate with the user's OS X password. The authentication would be valid for a minute, as per the post.
It's worth pointing out that the feature has not made it to the publicly released version of Chrome, yet. However, it could be available in a few weeks after user testing.
A few months back, a software designer had pointed out that if users enable Google Chrome's 'Offer to save passwords I enter on the web' feature and save some or all of their passwords through it, Google gives the option to see the passwords in plain text by clicking on the 'Show' button which is placed along with the list of all saved passwords through the 'Manage saved passwords' menu in the browser's Settings page. The browser doesn't ask for a confirmation or any additional verification by, say, prompting for the users' Google account password.
A Google representative had responded that the security flaw was a feature of the browser and that the main password boundary for the user was the OS user account and there were vulnerabilities that could be exploited if that is breached. It looks like Google has decided to implement system credential verification, addressing privacy fears.
It's worth pointing out that Firefox also lets anyone with access to the PC view the passwords by default. However, it lets you set a master password to prevent this from happening.
Posts
0 comments:
Post a Comment