The estimated reading time for this post is 5 minutes
If you knew you could reveal your passwords easily, would you appreciate the convenient access or panic at the danger of being hacked? Controversy erupted recently when tech writer Elliott Kember wrote Chrome’s insane password security strategy, explaining how the Chrome browser can expose your saved passwords using its Reveal Passwords feature.
That’s right, Chrome can easily display your saved passwords for all to see. With just a few clicks of your mouse, your passwords can be revealed, complete with all of the letters, characters, and symbols you use to keep your accounts safe from others.
While this feature of Chrome has existed for years and is available on Firefox as well, Kember’s article generated extensive discussion about the browser’s vulnerabilities and the possible password exposure risk for Chrome users. Justin Schuh, Chrome browser security tech lead, responded in the Hacker News forum that the ability to reveal passwords is not a security flaw, but rather an intentional choice by his team.
It’s important for you to know about Reveal Passwords (not an official name), including how to use it and how to protect yourself from exposing your passwords to others. Whether you regard the idea of revealing your passwords as a useful feature or a disaster waiting to happen, this information is important to know, whether or not you use Chrome as your browser.
How Reveal Passwords Works in Chrome
To see your passwords in Chrome, go into Settings by clicking on the 3-bar stack icon in the upper right corner of your toolbar. In Settings, click Advanced Settings at the bottom, then look at Passwords and Forms and see whether “Offer to save passwords I enter on the web” is checked. If it is, click on “Manage saved passwords”.
A box will open with a list of sites where your passwords are saved. Each password will have a series of dots. Click on the dots and a box will be revealed with a Show option:
Click on Show and the password will be revealed.
[important]You can reveal your passwords in Chrome from any computer where you are logged into your Chrome account.[/important]
If you want to delete any password, click on the X on the right side of “Show”.
Also see, How To Geek, View and Delete Stored Passwords in Firefox
The Danger of Reveal Passwords in Chrome
When you’re logged into Chrome and have saved passwords, you and anyone else using your computer can access those passwords, leaving you vulnerable to people who want to steal your passwords.
Even if you don’t use Chrome on your computer you can be vulnerable to this feature when you use Chrome on another computer. If you’re visiting a friend and hop on his computer to check your email, Facebook, Twitter, Amazon, or other accounts via Chrome, be mindful that you may be leaving your password trail behind.
Why Reveal Passwords Can Be Helpful
This feature of Chrome isn’t all bad. Knowledge is power and you can use Reveal Passwords for your benefit if you choose to allow Chrome to save your passwords.
Remembering Passwords
Knowing how to reveal your passwords can save you from jumping through hoops with the “Forgotten Password” dance. If you’ve ever waited patiently for a password reset email to arrive in your inbox, only to discover hours later that the email went into your spam folder, you will appreciate the ability to access your passwords in Chrome.
Access Your Passwords on Other Computers
Reveal Passwords can also be convenient when you’re away from your home computer. Log into Chrome on another computer to have access to all of your passwords. Just be certain to log out after you’re done using Chrome.
Protecting Yourself
Reveal Passwords can expose your passwords to others so you want to protect yourself against those who might use this information against you.
1. Disable the Save Passwords feature on your browser. You don’t have to let Chrome remember your passwords.
Go to Settings => Advanced Settings => Passwords and Forms => uncheck “Offer to save passwords I enter on the web.”
You will have to type in your passwords each time you need to log into a site which may be a hassle if you log into a lot of sites. You can instead use a password manager to handle your passwords. See, Information Week’s 10 Top Password Managers and PC Mag’s The Best Password Managers
2. Add a password lock to your computer. If others have access to your computer, you can require a password to unlock your computer when you turn it on or wake it from sleep mode.
- To add a password to your Mac, check out iMore’s How to quickly lock your Mac to keep your Chrome passwords safe!
- To add a password to your Windows computer to exit Screen Saver, visit this site from Microsoft: Use your Windows password for your screen saver password
- To add a password to access your Windows 7 computer, follow these instructions from Microsoft: Protect your computer with a password
- One of the new, cool features of Windows 8 is that you can add a picture password to your computer. Here’s how to do that from Microsoft: Sign in with a picture password
3. Log out of Chrome after you are done. When you are using a computer other than your own, be sure to log out of Chrome when you’re finished using it. As this method of protecting yourself isn’t automatic, don’t rely on it for your everyday use of Chrome.
4. Be careful when you’re using another computer. If you’re using a computer other than your own, log into your Chrome account and log out to avoid leaving your passwords on another person’s Chrome account. When prompted by Chrome to save a password, choose “Not Now” or “Never for this site” if you aren’t logged into your Chrome account.
Bottom Line
While no method of password protection is 100% secure [see, A True and Terrifying Tale of Digital Disaster (and How to Avoid It Happening to You)], you need to be vigilant in protecting your passwords from others who can access them easily using Chrome. By taking time to protect your passwords, you can make it more difficult for others to discover your passwords and hack into your accounts.
Did you know how to reveal passwords in Chrome? Have you ever used this feature to access your passwords? Do you protect your computer with a password? Do you use a password manager? Let us know in the Comments section below!
Carolyn, I didn’t know about this feature until today. I would say that there are good and bad sides to it. Certainly, when using someone else’s computer signing out is imperative. On the topic of password managers, I personally use LastPass. So far, I can say that it’s quite good and I never have to remember any passwords anymore(I still keep the passwords on a file elsewhere though, just in case).
Hi Frank, You’re right, this has both the potential for good and bad. It’s kind of like using a very sharp knife. It can come in very handy but it’s also dangerous if you’re not careful!
Hi Carolyn,
I found the passwords in Chrome last week, whilst trying to change some settings. I didn’t know how to reveal each password though, so thanks for that.
I used FireFox before Chrome (and may be switching back again) and on occasion I’ve had to go into my password manager to retrieve a password (on FF). I’m now using RoboForm to save my passwords and have the app on my iPhone for when I’m away from my PC. Although I don’t use it that often as typing on small buttons is difficult.
People should take note of loggin off of sites when they leave them. Long story cut short: On a TV program they detailed a HUGE bill by someone from his bank which came about due to him not loggin out after use. I don’t know all the ins and outs but after watching I make sure I log out of all my accounts when I leave the sites.
Thanks Carolyn, have a great week.
Barry
Hi Barry, Yes, the potential for someone else using your passwords against you is tremendous. I hadn’t read the story about the person who received a bill for thousands of dollars because he didn’t log out, but I can see where that could happen!
Hi Carolyn !
Though i don’t use Google Chrome,thanks for making me aware of this . It seems like chrome has some security and privacy issues and it can be misused as you have mentioned …lets hope Google resolves it soon . Thanks for sharing the information .
-Pramod
Hi Pramod, From the comment left in the Hackers’ News forum by Jason Schuh, I don’t think Chrome will be changing this feature. They see it as a useful tool so we need to be mindful when we’re using Chrome that we aren’t exposing our passwords to others.
Ooops I was not aware that I am revealing my password to others.
Thanks for sharing. I am checking my Chrome setting right now.
Hi Sandeep, Welcome to The Wonder of Tech! Yes, most people were not aware of this feature on Chrome. Best to see what your settings are so you can best protect yourself.
This feature has both usefulness and dangerous, so you must use it carefully. I personally like to disable this option on my chrome browser. I wasn’t aware of it before, but will give due attention.
Hi Pankaj, Yes, disabling this feature is safer, though you will miss out on the convenience of having saved passwords and being able to access those passwords in Chrome. But disabling this feature is definitely the safest way to go.
This is a great share Carolyn and it’s a good reminder to everyone to be aware that we need to protect our passwords. I personally don’t store my passwords for multiple reasons. For one, keying my passwords in is the only way I’ll remember them. 🙂 If I started depending on my browser (or my security software which also offers this feature) to enter my password, I’d forget them all. The biggest reason for not storing passwords is security. As you mentioned, there are Password Managers that we can use for that and that’s a much more secure solution (in my opinion).
Hi Sherryl, You’re right, it’s like dialing numbers on a phone. With Contacts and Speed Dial no one dials numbers any more so we don’t remember them! So it’s great that you enter them manually, both for security and to help you remember them. The Password Manager you use will help you remember passwords for sites you don’t use very often.
Hi Carolyn – I’d no idea about this feature, so thanks very much for enlightening us. I was relieved to see that the save passwords feature was unchecked in my browser, but when I went into the “manage saved passwords” section, there were still a couple of sites there, which I’ve now deleted. I use a password manager, so wouldn’t ever need Chrome to save my passwords for me.
A really great share – many thanks,
Sue
Hi Sue, Yes, it’s interesting that you still had some passwords saved in Chrome even though that was unchecked. I’m glad you were able to delete those since you use a Password Manager and don’t need Chrome to save them.
I use Chrome and this feature is enabled by the looks of it. However, every time Chrome has asked me if I wanted to save my password for whatever site I’m on, I’ve pretty much always said no, so I never took advantage of the feature to begin with. At least I know now why it frequently asks to save me password, so I’ll just disable it and hopefully it won’t bother me anymore!
I find no need to save passwords as I have a few I know by heart and I use them for everything. That’s probably not the safest thing to do, but it’s worked for me so far! Anyways, thanks for bringing this feature to my attention.
Hi Mike, Yes, I’m glad you’re unchecking that option so that you won’t have to be asked every time. Keeping your passwords in your brain is probably the best and safest method, so long as you remember them! Just make sure your passwords are different for every site and are a combination of letters, numbers and symbols.
I’ve heard pros and cons about this Carolyn but I don’t use this feature myself. I have it set to never save any passwords even though I’m the only one who ever uses my computer. I’ve had a neighbor come over from time to time but he just accesses his Yahoo account and prints things out. That’s the end of it and he’s not very computer savvy.
I use LastPass for saving all my passwords which of course you can log into from any computer so like anything else you just have to remember to log out of what you’ve been in. Luckily the only times I’ve accessed that is when I’m on my families and they wouldn’t have a clue what I’ve been doing.
Thanks for sharing this though, I know a lot of people will appreciate this post.
~Adrienne
Hi Adrienne, Sounds as if you are well protected, which is great! By unchecking the option to have Chrome save your password and by using Lastpass, you are taking important steps to secure your passwords. But it’s still important to know the potential for exposing your passwords in Chrome.
Thanks so much for stopping by and sharing your thoughts here, Adrienne!
HI Carolyn,
Even without the addon, we can just use the developer tools in Chrome or FireFox as well to reveal the ‘star’, hidden password fields.
It is a real privacy issue.
Hi Gautham, Yes, you’re right, but this blog is written for everyday people so I wanted to let readers know how Passwords Reveal works in Chrome. Thanks for letting us know about the developer tools, Gautham! 🙂
Hi Carolyn,
At first it was kind of panic. What is this? What are those guys doing? Then I understood. I am vulnerable only in particular cases: when somebody else has access to my computer (not the case. Ever!) or when I work from another computer (never happened).
I accidentally found that setting that offers to save passwords in Chrome. For me it was unchecked and I left it unchecked. I didn’t know it can reveal your passwords, though. Good to know. Very good.
I protect my computer with a password, of course. The only thing I don’t do is to lock the screen. That’s because nobody has access to my computer, except me.
Finally, I started to use a password manager just a few day ago. It is Lastpass. It works very well and it seems a good way to protect my passwords.
Thank you for this post. Very good to know this.
Have a nice day
Hi Silviu, You’re exactly right, this was an affirmative decision by the powers that be at Chrome to allow access to passwords. Yes, you can opt out of this feature, but you have to realize it’s there. I’m glad that no one else uses your computer, Silviu so this really isn’t a concern for you, especially now that you know about it!
Even though you’ve never worked on another computer before, some day you might and then you’ll know not to leave a password trail behind. Yes, using Lastpass will help you keep your passwords safe as well, Silviu!
Awesome share, thanks CAROLYN,
in my work it is required to delete cache and clear cookies and reset the browsers setting many times (web coding) and i hate resetting the browsers cause of all the auto-login forms i have saved and forgotten my passwords to the forums and sites etc..
this trick is very helpful and I didn’t know of it up-until now, so thank you.
As for the security issue, i agree this a bit dangerous, as they say:
“Door locks do not stop master cat burglars, but they can stop stupid or timid thugs who don’t want to risk kicking in the door or just breaking a window.”
Many thanks and Best Wishes!
Hi Mitch, Great quote! You have an excellent point. Very little will stop a master hacker but you don’t want to make it easy for anyone to discover your passwords.
I’m like you, I don’t like to fill in forms everywhere so I appreciate shortcuts too. If you’ve going to have the convenience of shortcuts, it’s important to protect yourself from people who try to discover your passwords.
Thanks for stopping by and sharing your thoughts, Mitch!
I really dont know about this feature before. Really a nice tutorial. Thanks for your sharing.
Hi Gautams, Welcome to The Wonder of Tech! I’m so glad you enjoyed this article. Thanks so much for letting us know.
Amazing how much this spread in the media considering it was nothing new and people who regularly use chrome probably already knew about this. For me this is a feature, not a security issue.
Hi Johan, Yes, I think the reason that this was big news is that most people didn’t know about it and were concerned about their passwords being revealed to others. I agree, I view this as a handy feature, but it’s best to be mindful of how your passwords can be exposed.