Is it safe to store passwords in chrome?

Asked by AnishaDalal in Cyber Security, Mar 22, 2022

There are a few questions here along these same lines already, but they're nearly a decade old. I'd like to know if things have changed, especially now that Chrome has become more aggressive about asking users to save their passwords, and those passwords being associated with a cloud account. There are lots of rants against Chrome's current password saving policy, and lots of articles warning against it. However, I don't know if I agree with them all.


Some obvious observations:

Against

If someone gets physical access to your machine, there's only the OS password between them and every password you've ever saved.

Someone could potentially hack into your Google account, sign into Chrome, and also get access to all your passwords.

There's no "master password" (outside of your OS password) to protect them if someone should get logged in access to your computer.

For


According to HaveIBeenPwned I have had my email address and passwords shared online dozens of times thanks to hacks to websites. (Including big companies like Adobe, LinkedIn, Kickstarter, etc. and that's just the known hacks.) In that same time I've never had a computer stolen or been subject to a physical security breach.

If I use a uniquely generated password on every website, and save them into Chrome, no other websites accounts will be made vulnerable from another website security breach.


I probably trust Google to detect and protect me from unusual activity more than almost any other online service (which isn't to say they're infallible, obviously).

In terms of attack vectors, it seems that if you feel you're more likely to be open to a physical attack (or attack from someone you know), then saving passwords into a browser could be a very bad idea.


However if you're more likely to be susceptible to remote attacks by strangers, then having unique passwords stored on every website is likely to improve your personal information's security. (In any case that would obviously be the ideal, but security has to factor in practicality - and the average user isn't going to remember a unique password for every website.)


(I wonder if a better solution to Chrome's current one (which allows users to reuse easily guessed passwords across websites) would be to force (or encourage) the user to only save unique and complex passwords?)

Answered by ananya Pawar

You asked whether it is safe to store passwords in Chrome. I think it is not as good as a password manager, but better than nothing.

Security often comes at the price of convenience, and convenience often comes at the price of security. Password managers built into browsers are primarily there for convenience, and security plays a lesser role. The reason for this decision is that regular users are more easily convinced to use a system that is convenient for them, rather than a system that is more secure but harder to use. Since you asked for pros and cons of real-life scenarios, I'll detail the pros and cons of using a browser's built-in password manager in comparison to an offline password manager like KeePass, and to not using a password manager at all.

Using a browser's built-in password manager:

Pros

  • You already have it. Everyone uses a browser these days, and all major browsers come with built-in password managers. This means that from a regular user's point of view, the barrier to entry is incredibly low.
  • It discourages password reuse. People dislike remembering passwords, so they certainly won't remember one password per site. If the browser automatically suggests a strong password upon registering, then the user will not be tempted to reuse an existing password for it. Furthermore, the passwords suggested by the password manager will likely not be cracked by any attackers, should hashes ever be stolen.
  • It syncs to my other devices. A user can register to a service on their computer and then use the same service on their phone without having to worry about syncing passwords. That is a huge plus!

Cons

  • It doesn't defend against local attacks. Attackers who may have access to the user's computer (think jealous girlfriend, not government agency) may be able to get the passwords rather easily. With access to the browser, for example when a user forgot to lock their computer, all passwords can be read out in a matter of minutes. It should be noted that local attacks are not something every user is concerned with. For example, I live alone and don't really have a local attacker in my threat model.
  • It increases the attack surface. If synchronisation between devices is enabled, then the security of all my accounts is tied to the security of my account with the browser vendor. Furthermore, while it is unlikely but not impossible, an attacker could steal the encrypted credentials of all users and then begin to crack them bit by bit. Since my passphrase is 72 characters long and I use a YubiKey, I am not all too worried about people logging into my Google account, but it could be a reason why you wouldn't want to enable synchronisation.
  • Vendor lock-in. To my knowledge, browsers don't yet offer a way to export all credentials into some unified format. This means, if you have 200 credentials saved in Chrome and decide to switch to Firefox... well, have fun.

Using a dedicated offline password manager:

Pros

  • Better protection against local attacks. Since passwords are stored in an encrypted file, which is protected by a master password and optionally a key file as well, an attacker with local access will likely not be able to steal your passwords. In the case of you forgetting to lock your PC, many password managers have settings to "forget" the key after a period of inactivity. While that doesn't completely protect you, it is much better than a built-in password manager.
  • Better configurability. A browser's built-in password manager may struggle with sites which have less than desirable password policies, so a dedicated password manager can generate passwords according to a specified ruleset.
  • Works outside the browser. Sometimes, I need to generate passwords to send via other means, such as text messages, or use them inside a VM. In this case, a browser's built-in password manager just doesn't cut it.

Cons

  • Higher barrier to entry. Users who don't have a background in security are unlikely to look for a password manager, and if they do, they're likely daunted by the different offers, such as online password managers, offline password managers, etc. Furthermore, most offline password managers have quite a few very handy features, which are likely confusing for someone who "just wants to use the internet".
  • Doesn't sync between devices. Since my passwords are just a file, it doesn't automatically sync between my devices. If I have a desktop PC, a laptop and a smartphone, then either I manually sync my password database between them, or I use some third-party service to do that for me (like Dropbox, Google Drive, etc.).

Not using a password manager:

Pros

  • Works everywhere. Oftentimes, I need to enter some form of authentication where I simply can't use a password manager, such as for my BitLocker password or my Windows domain password. In such cases, remembering a strong passphrase is the only option I have.

Cons

  • Encourages weak passwords. I won't remember a password like _B+5ZzRk!4vd2+5Q?qw$=9V, that's a fact. I may remember a long passphrase, such as Two Blue Bunnies jump over the Square Tree and Explode., but that's quite a handful to type every time I want to log in. As such, most users will gravitate towards the shortest possible password they deem "good enough", and usually that's something like BostonNovember2020.
  • Encourages password reuse. "I already thought of a password or passphrase, and now you want me to remember a second one? A third even!? What do you mean I need to remember a new passphrase for every service I use?!" That's why people reuse passwords.

Verdict

  • Dedicated password managers are a great high-security option that offer a tonne of configurability. However, as many tools are aimed at experts, they can be difficult to use for beginners.
  • Built-in password managers strike a good middle ground for non-tech people, increasing their security against likely threats, while making them a bit less secure against unlikely threats.
  • Using no password manager at all should only be done in situations where no password manager is available.

Appendix A: How can a local attacker actually get the passwords?

One of the downsides of browser-based password managers is that they don't protect against local attacks. I will explain one possible local attack for demonstration purposes:

Let us assume Bob stores all his passwords in Chrome. Bob leaves the house to buy groceries and forgot to lock his computer. Eve, Bob's jealous girlfriend, suspects that Bob may not be faithful to her, and wishes to check his various online accounts to see if he has been flirting with other women. She has about 30 minutes of direct access to his browser.

The first thing Eve does is to open Chrome's internal password page. This can be done via the settings menu, or by directly calling the URL chrome://settings/passwords. In this list, Eve sees all pages for which passwords are saved, as well as the corresponding usernames. This alone already may be revealing sensitive information. On this page, Eve could click the "Show Password" button, but that prompts her to enter Bob's OS password, which she does not have.

However, she can still manually recover the password for arbitrary sites. For example, she is most concerned with the sites bookofface.es and bird.app. She can manually navigate to these sites, where she is met with a login form. The browser will automatically enter Bob's credentials into the login form, but the password is blanked out, due to the type="password" property of the input field. By opening the developer console and removing that attribute, the password is revealed in plaintext.

While this process is not as fast as a "copy all passwords" script, it is still doable within a reasonable amount of time. Depending on the goals of the attackers, certain sites may be more relevant than others. So while Bob may have passwords saved for hundreds of sites, Eve may only be interested in a couple.
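The Appendix A step of stripping the type="password" attribute in the developer console, as an added example that is not part of the original answer: a small DevTools snippet in JavaScript, plus a constructed stand-in for an autofilled login form so the snippet can be exercised outside a browser. The field names and the sample password are made up; only the DOM methods actually used by the snippet are mimicked.

```javascript
// Added example (not from the original answer): the Appendix A trick as a
// DevTools console snippet. Once the browser has autofilled a login form,
// the page already holds the secret in the input's value; type="password"
// only masks it on screen. Flipping the type to "text" makes the browser
// render the stored value in cleartext, which is what Eve does by hand.

// Flip every masked field under `root` and return what was exposed.
// `root` defaults to the page document when one exists (DevTools use);
// anything exposing querySelectorAll() works, which is what the
// constructed stand-in below relies on.
function revealPasswordFields(root = globalThis.document) {
  if (!root) throw new Error('no document available; pass an element as root');
  const exposed = [];
  for (const field of root.querySelectorAll('input[type="password"]')) {
    field.setAttribute('type', 'text'); // the browser now displays the value
    exposed.push({
      field: field.getAttribute('name') || field.getAttribute('id') || '(unnamed)',
      value: field.value,
    });
  }
  return exposed;
}

// Constructed stand-in for an autofilled login form (sample data, not a
// real site), so the snippet runs in Node as well as in a browser. It
// mimics only the slice of the DOM API used above.
function fakeLoginForm() {
  const makeInput = (attrs, value) => ({
    attrs: { ...attrs },
    value,
    getAttribute(name) { return name in this.attrs ? this.attrs[name] : null; },
    setAttribute(name, v) { this.attrs[name] = v; },
  });
  const inputs = [
    makeInput({ type: 'text', name: 'user' }, 'bob@example.com'),
    makeInput({ type: 'password', name: 'pass' }, 'correct horse battery staple'),
  ];
  return {
    inputs,
    querySelectorAll(selector) {
      // Only the one selector the snippet uses is supported here.
      if (selector !== 'input[type="password"]') throw new Error('unsupported selector');
      return inputs.filter((i) => i.getAttribute('type') === 'password');
    },
  };
}
```

In a real browser, paste the first function into the console of the autofilled page and call `revealPasswordFields()`; it returns the same list Eve would read off the screen. A second call returns an empty list, since the fields are no longer of type password. Note that the attribute flip is cosmetic: any script running in the page could read `field.value` without it, which is exactly why local access to an unlocked browser defeats the browser's password store.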


