Google Chrome Security Issue that everyone knows about

[MagnusB]

Really ?
You can't understand the idea that 95% of people won't ever find that ?

Unless 95% of people can't use google, I would assume everyone would be able to find that. I just googled "Firefox forgot master password", it was one of the top results, IIRC. IE Passview does the same for Internet Explorer, which I found again after a few seconds of googling. If someone gets physical access to your computer, it is more or less game over if they really wanted to do something. If you feel protected by this, by all means use it, I really don't see how it makes your passwords any more secured though.

Also note that both these tools are commonly used to restore forgotten passwords, so it is actually highly likely that people know of them if they ever had the need for them.

 

[dutchbb]

Simple, browsers shouldn't even store passwords. No browser should have introduced the feature. It's not the browser's job to store passwords. Get 1Password or alternatives with a master password enabled if you want a quick and easy way for storing passwords/logins while allowing others to use your computer.

 

[p4guru]

honestly not much a problem, known about it for ages.. why would you in this day and age allow others to use your pc/laptop and login to your existing password protected user profile as opposed to having a separate user profile and password for other folks if you do let them use you pc/laptop ?

 

[OSS 117]

Unless 95% of people can't use google, I would assume everyone would be able to find that. I just googled "Firefox forgot master password", it was one of the top results, IIRC. IE Passview does the same for Internet Explorer, which I found again after a few seconds of googling. If someone gets physical access to your computer, it is more or less game over if they really wanted to do something. If you feel protected by this, by all means use it, I really don't see how it makes your passwords any more secured though.

Also note that both these tools are commonly used to restore forgotten passwords, so it is actually highly likely that people know of them if they ever had the need for them.

Pretty much, I have a tool that overrides Windows and OSX passwords. Computer security is false sense of security. These tools are freely available. There's even documented ways to reset the password using the OS itself.

Windows XP had a major security flaw; you could delete or redo the password on any account by simply logging into a hidden administrator account and overriding the password right then and there. The issue existed in Vista until a patch fixed it, but it reappeared in Windows 7 and still there, though in 7 the hidden account isn't enabled by default.

 

[MagnusB]

People underestimate what can be done when someone gets physical access to a computer. Even a non techie should be able to use ophcrack or similar to crack your Windows password in a matter of minutes, especially if you are not using a complex password. I even used it to recover passwords for computers in my old job.

The same hype as this appeared some years ago with Firefox, they stored your passwords in clear text, even with master password enabled. That was a bit different though, cause that would cause issues on a multi user computer, but in the end they decided to encrypt it, which soon spawned a few tools that decrypted them again, cause people tend to forget their passwords.

 

[Digital Doctor]

People underestimate what can be done when someone gets physical access to a computer. Even a non techie should be able to use ophcrack or similar to crack your Windows password in a matter of minutes, especially if you are not using a complex password.

Why can't browser passwords stored like Windows passwords ?

 

[MagnusB]

Windows password is hashed, which is not possible for browsers to do, as they need the clear text passsword. Windows passwords aren't really secure either, at least not once someone get physical access to your computer.