How secure is a browser storing a password?

Whenever I enter a login into a new site, Chrome asks me if it should store the login details. I used to believe this was fairly secure. If someone found my computer unlocked, they could get past the login screen for some website using the stored details, but if asked for the password again like during checkout, or if they wanted to login to the service from another device, they would be sol.

At least, that's what I used to think when I believed the browser did not store the password itself, but a hash or encryption of the password. I have noticed that the browser fills the username and password fields, and the password field indicates the number of characters in the password.

I'm one of those people who when asked to change their password just keeps the same password, but changes a number at the end. I know this is bad, but with how often I am asked to change passwords, I really could not remember the number of passwords expected of me. This results in a lot of passwords that are the same, but sometimes I forget what the end number needs to be for a particular login.

I could not remember the ending number for a certain login, so I went to a website where the password was stored. I deleted the last couple of characters and tried different numbers and viola, knew what was the right ending number.

It seems to me that this is a fundamental security flaw. If I can check the last character of my password without checking any others, then the amount of tries it takes to crack the password grows linearly with the number of characters not exponentially. It seems like a short stride from there to say that if someone came to my computer when it was unlocked, a simple script could extract all of the stored passwords for all of the major websites which I have passwords stored for.

Is this not the case? Is there some other layer of security that would prevent this?

Comments

Post a Comment

Popular posts from this blog

3 ways employees can risk your firm’s cybersecurity (and what to do about it)

Leveraging The program convenes world-class thought leaders from Brown’s top-ranked Department of Computer Science and Watson Institute for International and Public Affairs, as well as accomplished practitioners driving advances in cybersecurity. EMCS graduates earn a Master’s degree from Brown University and join Brown’s powerful global alumni network. EMCS forges visionary leaders ready to deploy successful strategies for cybersecurity that address: Technologies such as big data, cloud, mobile, Internet of ThingsSocial trends including social networks, globalized workforceHuman factorsEconomic tradeoffs and risk managementPolicy and privacyEffective leadership
Read more

H]ardOCP: Google Is Hurting Themselves with Their Poor Support of Windows

Image
Google’s lack of support for Windows  is likely a strategic move, but some say they should just give in and start building native apps for it: by not offering good support on the most productive platform in the world, Google is having reduced engagement from many potential users. Windows users are less engaged with Google services than mobile users, and a large part of that is due to Google not making any effort. Despite their efforts the desktop is not going away anytime soon, and with Chromebooks still comprising less than 1% of web usage, Google is hurting not just users but themselves by not supporting Windows better. It also leaves the door open for Microsoft to get it right and steal users away from Google services, as it is making every effort to be cross-platform.
Read more

Scientists Discover Unlikely Source Of Electricity

"The impact of this discovery in the field of biological piezoelectricity will be huge ..."By  Tracy Mastaler on October 6, 2017 at 8:35am Scientists have  discovered  a way to produce electricity from human tears and saliva, which could — if harvested effectively — become a new fuel for implanted medical devices. The  finding  came when researchers in Ireland from the University of Limerick’s Bernal Institute applied pressure to lysozyme, a protein found in both tears and saliva. The team’s groundbreaking report was published in the October 2, 2017, issue of the scientific journal  Applied Physics Letters . Researchers made the discovery after applying pressure to a film of lysozyme crystals squeezed between two glass slides. The team was able to detect and measure the production of piezoelectricity, a form of energy in which an electric charge accumulates in response to pressure. Although piezoelectricity has been known and understood for years, the process has be
Read more