I understand that we are really tempted to save our passwords in Google Chrome.

- You don't need to (memorize and) input those long and cryptic passwords.
- These are available wherever you are once you log in to your Google account.

Now, my simple question is, can a Google employee see my passwords? Since the password is available anywhere, the storage must be in some central location, and this should be at Google.

Searching over the Internet revealed several articles/messages.

- Do you save passwords in Chrome? Maybe you should reconsider: Talks about your passwords being stolen by someone who has access to your computer account. Nothing mentioned about the central storage security and vulnerability. There is even a response from Chrome browser security tech lead about the first issue.
- Chrome's insane password security strategy: Mostly along the same line. You can steal a password from somebody if you have access to the computer account.
- How to Steal Passwords Saved in Google Chrome in 5 Simple Steps: Teaches you how to actually perform the act mentioned in the previous two when you have.

There are many more (including this one at this site), mostly along the same line, points, counter-points, huge debates. I refrain from mentioning them here, simply carry out a search if you want to find them.

Coming back to my original query, can a Google employee see my password? Since I can view the password using a simple button, definitely they can be unhashed (decrypted) even if encrypted. This is very different from the passwords saved in Unix-like OSes, where the saved password can never be seen in plain text. They use a one-way encryption algorithm to encrypt your passwords. This encrypted password is then stored in the passwd or shadow file. When you attempt to log in, the password you type in is encrypted again and compared with the entry in the file that stores your passwords. If they match, it must be the same password, and you are allowed access. Thus, a superuser can change my password, can block my account, but he can never see my password.

Passwords stored on your local machine can be decrypted by Chrome, as long as your OS user account is logged in. And then you can view those in plain text. At first this seems horrible, but how did you think auto-fill worked? When that password field gets filled in, Chrome must insert the real password into the HTML form element - or else the page wouldn't work right, and you could not submit the form. And if the connection to the website is not over HTTPS, the plain text is then sent over the internet. In other words, if Chrome can't get the plain text passwords, then they are totally useless. A one-way hash is no good, because we need to use them.

Now the passwords are in fact encrypted; the only way to get them back to plain text is to have the decryption key. That key is your Google password, or a secondary key you can set up. When you sign into Chrome and sync, the Google servers will transmit the encrypted passwords, settings, bookmarks, auto-fill, etc., to your local machine. Here Chrome will decrypt the information and be able to use it. On Google's end all that info is stored in its encrypted state, and they do not have the key to decrypt it. Your account password is checked against a hash to log in to Google, and even if you let Chrome remember it, that encrypted version is hidden in the same bundle as the other passwords, impossible to access. So an employee could probably grab a dump of the encrypted data, but it wouldn't do them any good, since they would have no way to use it.

So no, Google employees cannot access your passwords, since they are encrypted on their servers.