Why is it not safe to save password in Google Chrome

When the user enters a file The password somewhere automatically Google Chrome He asks if he wants Save password To save yourself a step the next time you want to log in. However, contrary to popular belief, Doing so is not safe.

company analysis cyber securityAnd the ESETanalyze whether the fact that access credentials are stored is secure and what are the risks of this option so that users know what they can face.

The company noted that the biggest risk this poses is that if an attacker gains access to the computer, they can easily obtain the data. passwordsDecipher and steal it. This type of action has been observed many times by banking trojans whose task is to steal credentials for accessing online banking sites in order to commit fraud later.

The sign that appears when you enter the password.

How do scammers get passwords?

We start with trying to log into Facebook with a fake username and password.. When the browser tells us, we click on the Google Chrome option to save our credentials,” according to the analysis of the company that cited the site Infobae.

Watch: This is the perfect messaging network to replace Gmail

just by name user name And the The password It is stored in the database Google Chromeyou can browse to the file where the information is saved (this data will be stored in a SQLite3 database usually located at: %LocalAppData%\Google\Chrome\User Data\Default\Login Data).

The biggest risk of this practice is to lose the computer, so whoever gets it can easily access our accounts.

Later The file is opened with a program that allows viewing of databases. When opening with a DB browser, for example, you can go to the “Logins” option to find the entries containing the login data, including: URL, username, password. The The password Stored is encrypted, however, when you click on this field, the program displays its hexadecimal representation.

See also  Among the virtual reality experiences in the US, it might be one of the scariest and funniest of the year: the demo and the details.

Watch: Bill Gates predicts cell phones that will be replaced

At this point, the attacker already owns user nameThe website and the The password It is encrypted, so it remains only to perform the last step: decrypt it.

It is recommended that you do not use this function, and if you do, do not use it to save passwords for important servicessuch as online banking, social networks, medical portals, or those containing personal information”,

Lovell Loxley

"Alcohol buff. Troublemaker. Introvert. Student. Social media lover. Web ninja. Bacon fan. Reader."

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top