Export thread

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Forums Outage Fixed (Obviously!)
    Just a note that the glitch following yesterday's
    webserver certificate update was found and fixed!
  • A Patch for SpinRite 6.0's Division Overflow
    Please see my blog posting for the whole story!

SN #803 - Chrome passwords

#1

alt3rn1ty

alt3rn1ty

@Steve in Security Now 803 you mention that to view Chromes passwords you "can say show me my passwords, and it does"

In my experience by clicking the individual passwords view icon you can only see the one password, not all of them, and ..

.. For me if I wish to remember one of my many passwords after clicking the View Password Icon, I am prompted by Chrome to enter my Windows system password to unlock it before it becomes viewable on screen. You did not mention this so ..

? Is that only if you do not have a local account windows password enabled ?


You can make all your passwords in a clear text file by Exporting them (IIRC you have to put Chrome://flags in you address bar, then in the flags page search for password and then enable Import / Export) - Periodically I do that and back that file up to an external USB drive which is locked away, and delete the file on the machine in use afterwards with Bleachbit.

So as far as I know passwords are secure by default, not saved in clear text, and if you want to back them up you have to go out of your way to do that. I prefer this to storing things in the cloud which I have no control over once the data has left my machine.

But they are not (at least not in my case) easily viewable just by clicking the view icon, I guess if someone else has your system password then its game over, or if your screen is viewable from outside the house via binoculars over your shoulder etcetera, or if you use Chrome in a public place like a library, then sure getting your passwords would be easy.

@ Anyone else please feel free to use this topic for anything else related.


#2

StevenW

StevenW

I've also found that you can't just move the sql lite database file to a new PC and use it, even if you use the same username/password. The password blob is probably taking into account something about that windows login besides just the username and password.


#3

alt3rn1ty

alt3rn1ty

I wonder also now if its a case of people using Googles Login (and all the cloud sync stuff) that may make a difference in how you are presented with being able to view passwords, I think Steve mentions that he uses it, I don't.


#4

EdwinG

EdwinG

I think that the key might be entangled worth the system’s unique identifiers and the user account’s GUID… did Google document what they do to protect the data?