Adversal 728*90

Saturday, March 30, 2013

How Anyone Can Gain Access to All Your Passwords; Without Typing a Single Line of Code

Just because you never give your friends your Facebook password doesn't mean your account is impenetrable; personally I've accepted the fact that no account is safe, no matter what measures you take. However there's a very simple way to hack/access anyone's email, Twitter, Facebook, YouTube (and any other online service you can imagine) without typing a single line of code.

All that's needed is about 30 seconds of access on your "friends" laptop; and from there countless amounts of information is instantly accessible. Sure we all like to keep our laptops and PC's close; but how many times has a friend asked to "google something real quick" or check their email? Just because you sign out of your accounts doesn't mean you're safe.

The real danger is Chrome's "auto-fill password"; and I'm not talking about the risk of having your friend simply click "log-in" on an already filled out form, there's a very simple way to view all your passwords and usernames in plain text; and it's frighteningly easy.

Chrome's auto-fill saves me loads of headaches, when trying to remember which password goes where; but it's also a security nightmare. By simply heading into the settings (of a computer with auto-fill enabled- and most people have it enabled) you can view each and every single password plus the username.

In Chrome head to settings (the wrench icon)> Show Advanced Settings > and hit Managed Saved Passwords (or just type this into the browser: chrome://settings/passwords ). From there every single password and username for any site you've ever saved is visible; in plain text (hit "show" next to the hidden password to see in plain text). This is all accessible without being prompted for a single password, or security authentication.

The moral is, either turn off Auto-fill passwords, or watch who you give your laptop to; stay safe stay secure.

1 comment:

  1. I think the risk in enabling the "auto-fill password" has been taken for granted by some. This article may enlighten them to be aware of the repercussions of their actions.

    ReplyDelete