Google Chrome gets Master Password protection
Google Chrome, just like any other modern web browser, offers to store passwords that you enter while using it to improve future access to websites or services on the Internet.
Instead of having to enter the username and password manually each time you delete cookies or sign out, you can use features provided by the browser to fill out the values automatically for you.
That's very comfortable and used by many, especially since it is a feature that is set to on by default.
Unlike Firefox, Chrome did not offer any protection whatsoever for stored usernames and passwords in the browser. Some users saw this as a blatant security risks, while others and Google were quick to point out that local system access was needed to access the data.
There are obviously situations where you may allow someone to access your computer, be it child, friend or business colleague. The chance that they may access the storage may be slim, especially if you are nearby, but it is definitely possible that someone with enough knowledge of Chrome would quickly use an opportunity to look up passwords in the browser.
Chrome's Master Password
Anyway, Google implemented protection on Chrome for Mac recently that was linked to the operating system's account password. The very same protection has now landed on Windows as well, and while it is not yet available in the stable version of Chrome, it will be in the near future.
You can still open the passwords manager of Google Chrome just like before, and see the web address and the username of any website or service saved here. The Show button however that appears when you hover the mouse cursor over an entry will trigger a password prompt. Previously, the password was shown directly.
Now, you need to enter the account password of the user who is signed in to the operating system before the passwords are displayed in Chrome.
Side Note: To open the password manager, load the link in the paragraph above, or click on the three bars in the Chrome interface, and select Settings > Show Advanced Settings > Manage Saved Passwords from the settings page.
The protection will be lifted for a minute, before it will be enabled again. You can display as many passwords as you like in that time without having to re-enter the Windows user account password. Once the minute is over though, the password prompt is displayed again.
The feature should please Chrome users who criticized Google for not implementing a Master Password type of protecting for the saved password database.
Not seeing it in the beta release (32.0.1700.41) but the implementation isn’t the way I’d like to see it done in the first place. It should be tied to the google account being used in the browser not the windows account. I use a shared workstation so this does nothing to secure my passwords. Besides doesn’t google already store the passwords/history/bookmarks for syncing between PC/phone/tablet versions of Chrome?
This addition of a windows login presents more security risks than it solves….
And if you don’t use a Google account at all (at least in Chrome; I have a GMail account, but don’t link it to Chrome)? I’d like to be able to set whatever password I choose, and have it stored in Chrome, the same way it works in Firefox.
In all the time I’ve used Chrome (dev) I’ve never asked it to save my passwords (prefer Keepass) but while trying to test this feature out I discover that I can’t even get Chrome to ask me if I want to save them even though I’ve asked it to in Settings. Restarted Chrome, restarted system, cleared cache, etc etc, but no joy. I think my age is catching up with me, so can anyone help this pensioner?
Sorry, please ignore my last post. It seems to ask me on some sites, but not others. Think I’ll stay with Keepass. My apologies
I had the same issue, Chrome doesn’t store https and I think some other blacklisted sites it deems are to sensitive to store passwords for.
There is an extension to disable this, but it doesn’t work 100% of the time either. Do a extension search for Autocomplete=on
Instead of adding Master Password like one in Firefox, Google telling you: “Wanna see your passwords? then give us your Windows user account password!”. Nice feature :)
Hahah ‘Classic’ , good one :)
Hey Martin, did they\you mention anywhere what about those who do NOT use any password on their Windows user account?
Wouldn’t wanna get locked out ‘cuz they decided my nonexsisting password isn’t correct :)
No, they did not mention that ;)
Good question, leads me back to my first comment. Wish they would just implement it the same way firefox does and just create a master p/w for the browser only.
Forget it, I will use KeePass. They will probably mess it up so that you have to jump through hoops to disable. Why don’t they work on improving the things they have started like “Keep”?
This is the greatest feature that finally Google launched. Now I don’t need to install third party app or extension.
This is beyond stupid, what if you a don;t have a user password set and do you know how easy it is to remove windows passwords form any computer, less than 2 minutes with the right CD.
Firefox master password system is much more robust as it can be different to the main login which may be shared with others
I forgot master password in Chrome, How can i get it back. or reset
I have NO Idea hat my windows password is, therefore I cannot access or “show” my saved passwords. How do I find out my windows passwrds.