Why you shouldn’t let the browser remember your passwords

Most modern browsers ask if you want to save your password after a successful authentication, but should you really do that?

Saving your passwords in any form should never be considered secure, but did you know how easy it really is to reveal passwords saved in the browser? Once the browser auto-populates the username and password fields, it's really easy to unmask the password again. This works in any browser, but for convenience, I'll use Google Chrome.

First of all, open Google Chrome and go to your favorite website where you have saved your credentials. In case the fields aren't automatically populated, you can click the "key" icon in the upper right corner of the address bar (depending on browser) and get a list of saved credentials for the current website.

From here, press the F12 key on your keyboard and Google Developer Tools should appear. Different browsers have their own developer tools or may require a plugin to be installed. Next, click on the little square with the arrow inside (or press CTRL+SHIFT+C) and select the password field. This shows you exactly which line of HTML is responsible for the password field. Since text and password fields are identical apart from the attribute type="password", you can now simply double-click on type="password" and change the value to type="text".

Behold! You’ll now see your password in plain text… 🙂
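A page can at least notice the type flip described above. The following is an added example, not code from the original post: a MutationObserver tripwire that clears a password field when its type attribute is changed away from password. The function names are hypothetical, and it assumes the page has no legitimate "show password" toggle of its own.

```javascript
// Added example, not from the original post. Function names are hypothetical.

// Given MutationRecord-like objects, return the inputs whose `type` attribute
// was just changed away from "password" while they still hold a value.
function findUnmaskedFields(records) {
  const hits = [];
  for (const r of records) {
    if (r.type !== 'attributes' || r.attributeName !== 'type') continue;
    const wasPassword = (r.oldValue || '').toLowerCase() === 'password';
    const el = r.target;
    const nowType = (el.type || '').toLowerCase();
    if (wasPassword && nowType !== 'password' && el.value && !hits.includes(el)) {
      hits.push(el);
    }
  }
  return hits;
}

// React to a flip: wipe the value and return one event per field that the
// page could forward to its own telemetry. The password itself is not logged.
function handleUnmask(records, now = Date.now()) {
  return findUnmaskedFields(records).map((el) => {
    const event = { when: now, field: el.name || '(unnamed)' };
    el.value = '';
    return event;
  });
}

// Browser wiring: only runs where a DOM exists.
if (typeof MutationObserver !== 'undefined' && typeof document !== 'undefined') {
  const observer = new MutationObserver((records) => {
    for (const e of handleUnmask(records)) console.warn('password field unmasked', e);
  });
  observer.observe(document.documentElement, {
    subtree: true,            // cover every input on the page
    attributes: true,
    attributeFilter: ['type'], // only the attribute edited in the steps above
    attributeOldValue: true,   // needed to know it used to be "password"
  });
}
```

The value still lives in the DOM while the field is filled, so treat this as a tripwire and telemetry source rather than as protection.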

One comment.

Marc

That's SCARY!!!!! – thanks for this insight
