Stay Smart Online (SSO) has issued an urgent warning to Google Chrome users who save their passwords to their browser. Passwords are not secured properly – allowing other users to be able to view all saved passwords! We look at the vulnerabilities for this method on any browser, and look at what other methods of password retrieval computer users can to adopt to protect their important personal information and ultimately – their credit file.
By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.
Here is an excerpt from the SSO warning – issued on Friday:
Chrome will typically prompt you to save your password for a site that you visit, and remember this for future logins. While other browsers offer the option of a “master password” that can be activated to protect your passwords, Chrome does not.
On any Google Chrome browser, you can type chrome://settings/passwords into the URL bar. This will display a page listing all of the passwords held by that browser—for all users of that computer.
This is particularly concerning for shared computers. You should never save your passwords when using shared computers, such as public computers at a library or airport.
Do not rely on your browser to safely store passwords for you if someone else has physical access to that machine.
Only allow people you trust to access to your computer, especially if that computer contains confidential information.
Online expert Daniel Smith says saving passwords on your browser is something you should never do.
“It may be a convenient way to store the many passwords you might have for different accounts, but if it’s convenient for you, it can be convenient for anyone looking to steal them as well,” he says.
Daniel recommends people wanting to remember difficult passwords should use a secure and trusted third-party tool to protect and manage their passwords rather than save them to their browser.
“Sites such as Passpack.com or Lastpass could be good secure options for password management. One thing to note is that passpack has never been hacked. Another thing to note is that all browsers not just chrome do this,” Daniel says.
Daniel’s Key Tips To Protect Your Password
1. Use secure passwords. Come up with a unique password scheme – for example every 3rd vowel is a number or symbol. Or you could use two unrelated words which are memorable to you, and use tools like the Shift key to create a password that can’t be easily deciphered.
2. Use a different password for each account. It may be harder to remember, but it may just take a little bit of work to make your passwords unique and also easy to remember.
3. Use a unique username – not the default setting. Don’t use ‘admin’ as a username. You should use a username with at least 8 characters and include characters you have to press Shift for.
4. Minimise password login attempts. For sites you have control over access to – restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.
5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. These are harder to infiltrate by hackers, but Daniel says many don’t use them because they are inconvenient.
6. Never store passwords in your browser. Take time to make passwords unique yet easy to remember or use a secure third-party password manager if necessary.
Personal Information Security and Your Credit File
Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.
Information like passwords, dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.
Fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.
For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.
Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.
Prevention really is key to protecting your credit file from this fraud – so spend some time and make sure your passwords are as secure as possible as a first line of defence against identity theft.
Image: foto76/ www.FreeDigitalPhotos.net