SN #803 - Chrome passwords

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Larger Font Styles
    Guest:

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)

    /Steve.

alt3rn1ty

Member
Dec 27, 2020
24
8
@Steve in Security Now 803 you mention that to view Chromes passwords you "can say show me my passwords, and it does"

In my experience by clicking the individual passwords view icon you can only see the one password, not all of them, and ..

.. For me if I wish to remember one of my many passwords after clicking the View Password Icon, I am prompted by Chrome to enter my Windows system password to unlock it before it becomes viewable on screen. You did not mention this so ..

? Is that only if you do not have a local account windows password enabled ?


You can make all your passwords in a clear text file by Exporting them (IIRC you have to put Chrome://flags in you address bar, then in the flags page search for password and then enable Import / Export) - Periodically I do that and back that file up to an external USB drive which is locked away, and delete the file on the machine in use afterwards with Bleachbit.

So as far as I know passwords are secure by default, not saved in clear text, and if you want to back them up you have to go out of your way to do that. I prefer this to storing things in the cloud which I have no control over once the data has left my machine.

But they are not (at least not in my case) easily viewable just by clicking the view icon, I guess if someone else has your system password then its game over, or if your screen is viewable from outside the house via binoculars over your shoulder etcetera, or if you use Chrome in a public place like a library, then sure getting your passwords would be easy.

@ Anyone else please feel free to use this topic for anything else related.
 
Last edited:

StevenW

New member
Nov 2, 2020
2
1
I've also found that you can't just move the sql lite database file to a new PC and use it, even if you use the same username/password. The password blob is probably taking into account something about that windows login besides just the username and password.
 

alt3rn1ty

Member
Dec 27, 2020
24
8
I wonder also now if its a case of people using Googles Login (and all the cloud sync stuff) that may make a difference in how you are presented with being able to view passwords, I think Steve mentions that he uses it, I don't.
 

EdwinG

Active member
Sep 24, 2020
44
13
I think that the key might be entangled worth the system’s unique identifiers and the user account’s GUID… did Google document what they do to protect the data?