Google Planning More Security for Chrome OS Saved Passwords

Google Planning More Security for Chrome OS Saved Passwords

Google likes to talk a big game when it comes to security on Chrome OS, and it’s true that there isn’t as much to go wrong in Chrome. However, that doesn’t mean it’s perfect. In fact, Google failed to implement a rather simple security measure to protect your passwords from snooping. That could change in an upcoming Chrome OS release, though.

It turns out that Google’s Chrome OS doesn’t enforce any sort of authentication when viewing your saved passwords. If you’re using Chrome (or any other modern browser) on Windows or Mac OS, you can see how this is supposed to work. You open the browser settings, check your saved logins, and click to see the passwords. Windows prompts you for your Microsoft account details. On a Mac, it’s your Apple ID. In either case, it’s much more difficult for a third-party to snoop on your passwords.

The lock screen dialog being re-purposed for password security.
The lock screen dialog being re-purposed for password security.

A Google employee added a bug report to the Chromium project last month asking for an added layer of password security. The Chromium team replied several days ago to say the feature was in the works. You can even follow progress yourself via the open-source Chromium code. The developers are using the lock screen authentication framework for keeping passwords secure.

In the future, Chrome OS will pop up a login box when you try to reveal one of the saved passwords in the browser. You’ll have to enter your Google credentials in order to view those passwords. This change is still very early in the development process — it’s not even in the experimental Canary build yet. It still needs to filter down through the developer, beta, and finally stable channels before it’s an official feature. We’re looking at several months at least. In the meantime, don’t leave your logged-in Chromebook sitting around for someone to grab.

Continue reading

Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019

SolarWinds, the company at the center of the massive hack that hit US government agencies and corporations, doesn't exactly use cutting-edge password techniques.

Microsoft Now Offers the Option to (Mostly) Ditch Your Password
Microsoft Now Offers the Option to (Mostly) Ditch Your Password

Microsoft wants to ditch passwords and it's making the feature widely available on Windows for the first time.

Microsoft, Apple, And Google Join Forces to Kill The Password
Microsoft, Apple, And Google Join Forces to Kill The Password

On World Password Day the world's three largest tech firms have announced an alliance to banish passwords to the ash heap of history.

Netflix Ads and Password Sharing Fees Could Arrive This Year
Netflix Ads and Password Sharing Fees Could Arrive This Year

In a notice sent to employees, Netflix management said they were aiming to have an ad-supported tier ready for sign-ups by the fourth quarter of 2022.