Password Fail For Chrome Reports Websites With Bad Password Policies - gHacks Tech News

Password Fail For Chrome Reports Websites With Bad Password Policies

Password Fail is a browser extension for the Google Chrome web browser that informs you when sites store passwords in plain text format.

Webmasters who create a community on the web need to define password policies that include password limitations and recovery options.

They also need to ensure that the passwords and user data in general is protected on the service's servers. Without protection, any hack could have disastrous consequences, even more so than it would have if the data was encrypted in first place.

Hackers could use the information right away if not encrypted in any form, while they would have to decrypt the data first which, depending on algorithms used and password strength could take years or even decades.

The Password Fail extension for Google Chrome tries to aid users in evaluating a web service in regards to password security. It displays icons in the Chrome statusbar if a website is loaded that is using bad password policies, specifically saving passwords as plain text.

password fail

One of two icons may appear in the web browser's statusbar upon connection. A yellow warning sign that indicates that a website sends out passwords in plain text after user registration, and a red sign that a website sends them out upon request.

Both are indicators that the passwords are stored in plain text on the web server which basically means that attackers will also be able to get their hands on the unprotected data if they find a way to either request the data or hack the server.

Password Fail relies on user contributions. Users can submit new websites and services that they suspect to store passwords in plain text. This will be verified by the team by registering. Only after that will a website be added to the service's database.

A sample list of websites with bad password policies is available on the Password Fail website. It lists among others MySpace.com, Brady Games and Stumbleupon as offenders.

Chrome users can download the extension for their web browser directly from the Chrome extension gallery.

The extension has its uses, but there are two issues that need to be mentioned. First, it relies on contributions which means that while it may cover popular services, it is likely that it won't provide you with information about the majority of services on the Internet.

Second, it is not clear if the sites in the database are checked regularly to find out if the password policy has been changed in the meantime.

Update: PasswordFail Extension has not been updated since 2011, and the website that powered user submissions is no longer functionality. This means that you won't get anything out of the extension anymore.

That's the main reason why we have removed the link. There is no comparable extension available at this point in time.

Summary
software image
Author Rating
1star1star1stargraygray
no rating based on 0 votes
Software Name
Password Fail
Software Category
Browser




  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Monofsu said on March 18, 2010 at 12:56 am
      Reply

      FYI, StumbleUpon no longer stores passwords in cleartext. The issue has been solved several months ago. All your passwords are now safely encrypted and stored.

    2. SondreB said on March 29, 2010 at 3:47 pm
      Reply

      Thanks for reviewing the PasswordFail addon and our online service. We appreciate all the attention this privacy issue gets and we have already seen a lot of positive reactions on sites that has improved.

      StumbleUpon has been updated to reflect the improvements in how they handle users passwords =)

    Leave a Reply