STOP USING CHROME till there's an update. Hackers can steal your password


#1

If you read the article, it says that all Windows version is affected.


#2

Thanks for sharing! :grin:
It’s already known that the Chrome Password Storage is not safe and you also can grab logins when you have a fake site and as example running a fake Microsoft Outlook Login in the background, Chrome will autofill in you password and the hacker can login after.

I recommand using Lastpass or 1password as Password vault :wink:


#3

iCloud Keychain Here :grin:


#4

I’m using Safeincloud.


#5

It might sound pedestrian but Password safe keychain + http plugin and your keychain stored on an online service and you will have your passwords safe and on all your devices.

My personal combo is: Wuala (5Gb free and for this kind of thing is more than enough) + Keepass + KeepassHttp plugin + whatever OS you want.

It works the same on windows, Linux, Mac, iOS or Android.


#6

LastPass password manager for me. I had been using it for a while and the recent update not Syncs your password across the devices


#7

Good thing I never used Chrome and never will…


#8

Why even use Chrome in the first place? Chrome is a privacy nightmare… Firefox is the way to go.


#9

Opera Developer here! Works great :slight_smile: And it’s remarkably stable :smiley:


#10

Opera has some really weird quirks… Like renaming all the .jar files you download to .zip just so that you have to rename them back :smile: I don’t know if the latest version has this specific nonsense, but it was always an oddball, including support for web standards. Oh and no plugins :smile:


#11

This thread is a bit ‘wrong’ when it comes to facts.

They won’t be able to steal your Chrome passwords, only the username for your currently logged in Windows user and the hashed password because it connects to a remote CIFS server to fetch the .SCF icon and doing so transmits them using SMB/CIFS.

So, no - your Chrome saved passwords are safe as is every other password on your system.


#12

Oh, wow. I have used keepass for years, but hadn’t realized until now that it is possible to integrate keepass to web browser. I have been using ctrl+u/ctrl+v combo for logins. But, this is way better. Took the keepasshttp + chromelpass into use at work and already liking it. Thank you! :slight_smile:


#13

Only problem so far is that chrome mobile does not support plugins. So I still have to copy and paste it on the phone. But since Android 4.4 I can use the keePass keyboard to do it. So is not much of a burden.


#14

Firefox on Android supports plugins :slight_smile:


#15

Yeah but last time I searched there was no “keefox” or similar plugin compatible with the android version. I still look from time to time just in case. The day someone does one I will jump from chrome to firefox on my phone and everywhere else. I tend to use the same apps on all the OSs I use if I can.


#16

“keefox”? What does it do?


#17

I still use Chrome on Android. My passwords are in Lastpass, no Chrome autosave.

Would propably switch to FireFox if Lastpass would work with it on Android, but nope.


#18

Connects firefox with keepass so passwords can be autostored and/or autoretrieved from the keystore.


#19

And how is it better than Firefox default password storage?


#20

Firefox only handles web pages credentials.
KeePass (And I’m sure other keychain software) can store, notes, certificates (yes I know firefox handles certs too) pictures, coordinate cards, reminds you to change passwords, or when they are going to expire. it has a trash so you can recover things you erased… Is multiplatform, can import credentials from other places/formats, and can export them too. You can regulate the level of encryption, etc. etc.