Google’s solution? Hand over your passwords.

For a few months Mac users have been seeing an intrusive message announcing “Google Chrome wants to use your confidential information stored in…your keychain”. Some people click “Yes” or “Always Allow” to each request in the keychain just to get rid of the message. In fact this is Google’s recommendation in the Google Chrome Forum

“when you see these prompts, please select “Always Allow”. Once you have done this for all saved passwords, you should not be prompted again the next time you start up Chrome.”

Thanks for this. One big problem though. Did you know that any time you sign into Chrome and save a user name and password you are actually storing it on a Google server?

“As an added layer of protection, by default your saved passwords are encrypted on your computer and on Google’s servers using a cryptographic key.” – from Why sign in to Chrome

This is how Chrome users are able to log in using the browser on any computer and have their user name and passwords fields auto-populated. The passwords are not stored locally as they are when using a utility like the Password Exporter extension for Firefox. Unless you’ve allowed passwords to be stored using Firefox Sync. Even then Firefox only accesses passwords stored at the browser application level. It doesn’t go after the keychain. I don’t know about you but I have many passwords in my MacBook keychain that I am not interested in sharing with Google. Saying “yes” to this option is not a solution to Google’s invasive attempts, intentional or not, to gather authentication information from my machine.

No comments

No comments yet. Be the first.

Leave a reply