Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safari and Chrome: Tied For the Worst Password Manager

Posted by CmdrTaco on from the remember-this dept.

Startled Hippo writes "Safari and Chrome are tied for the worst password manager built into a major Web browser, according to a new study on the issue produced by Chapin Information Services. One problem is that some password managers can be tricked into submitting different password credentials to different parts of the same Web site. The bug has been fixed in Firefox, but Chrome and Safari are still vulnerable to this kind of attack."

13 of 218 comments (clear)

  1. Missing department by Atti+K. · · Score: 3, Insightful

    "from the avoid-saving-passwords dept." ???

    --
    .sig: No such file or directory
  2. Why focus on Chrome? by myxiplx · · Score: 5, Insightful

    To be honest, when the best browser is only scoring 7/21 they *all* need some work. Focusing on Chrome just means you're ignoring the bigger picture.

    1. Re:Why focus on Chrome? by tomknight · · Score: 5, Insightful

      You're assuming that the metric used by this company/person actually means something...

      --
      Oh arse
  3. Is this really worth noting? by tomknight · · Score: 5, Insightful
    "Chapin Information Services."

    Who??

    Seriously, this looks like a typical "storm in a teacup to get people to take me seriously as a security researcher" notification.

    Who here really lets any password manager save any password they care about? I have Opera save details for systems that don't matter, everything else I just remember.

    Check out the website for more information about this astounding company.

    --
    Oh arse
    1. Re:Is this really worth noting? by qoncept · · Score: 4, Insightful

      Who here really lets any password manager save any password they care about?

      I do. And I bet at least one other person does.

      --
      Whale
  4. don't save passwords by Speare · · Score: 4, Insightful

    Putting passwords in your web browser isn't just like hiding your house keys under the doormat, it's like taping the keys of your house to the front door.

    I don't keep full passwords on paper, nor do I use one of those password vault devices. Using truly random characters just means I have to write it down in full somewhere. I do have a text file that gives me *just* enough info that my mind can recall the password. For example, I might write "B`" and I recall that means "b1ZZare`" or I might use "W.P" to remember "To1.st0y". I know the rules I use to spell or punctuate words. I use different sorts of passwords for different tiers of security, from web forum, web merchant, web banking, private data, estate data, etc.

    --
    [ .sig file not found ]
  5. Why? by PhotoGuy · · Score: 4, Insightful

    I never understood the appeal of password managers. And they tend to be obnoxious, getting in your face until you disable them.

    If I have a high security password, I'm not going to want to store it in a browser for two reasons: 1) Someone else with physical accesse to my machine, has access to my stuff; 2) If I don't ever have to type my password, I'll often forget it.

    For lower-security passwords, I, like many, simply use the same one that's easy to remember, and used for all those stupid forums and other lightweight places that make you register.

    I've just never seen the need... It's definitely one of the most hyped up features that seems to have zero utility to me.

    --
    Love many, trust a few, do harm to none.
  6. Re:Never use password managers by skeeto · · Score: 4, Insightful

    It depends on the account type.

    Yeah, don't let the browser store your bank and e-mail passwords.

    But your /. account, where logins are done in plaintext rather than https? Go for it. As soon as you log in wirelessly you have broadcasted your password to the world anyway. The password manager is not the weak link here.

    Plus, you know, it's only your /. account, not your life savings. The consequences for losing the password are small, so shifting the trade-off towards convenience will be more reasonable.

  7. Storing passwords is dumb by theaveng · · Score: 4, Insightful

    I've always thought storing passwords in your computer is dumb. (1) It makes it extremely easy for people to steal your PC or laptop and get into your sites. (2) If something happens to require a complete reinstall, the passwords are all lost and you have no clue what they were. (3) I think the safest place to store them is in your head.

    --
    FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
  8. MAJOR browser? by jedie · · Score: 4, Insightful

    How exactly is Chrome (which is backed by a major company) a major browser?

    --
    "The majority is always sane, Louis." -- Nessus
    http://slashdot.jp
  9. Re:Never use password managers by Paradigm_Complex · · Score: 3, Insightful

    A few months back I did some computer help for someone who had all his passwords in post-it notes stuck around his monitor. I still remember some of them today.

    Don't put your password on your windows computer, or on your windows computer. Both are easy pickings.

    --
    "A witty saying proves nothing." - Voltaire
  10. All Password mangers suck by Big+Hairy+Ian · · Score: 3, Insightful

    One thing that really pisses me off about just about every browser is being asked if I want it to remember my password. I mean honestly do people really trust Internet Explorer or Firefox to store their valuable passwords in a massively secure way? Call me Mr Paranoid if you like but I don't trust anything that stores more than a hash.

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  11. Re:My password manager is in my wallet by clone53421 · · Score: 4, Insightful

    Idiot-run newspapers are why bugmenot was invented.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.