Security warning over Google Chrome - if you share your PC, others can see your passwords

Passwords can easily be seen in plain text in the “passwords” tab within Chrome


Google Chrome users have been warned not to share their computers - after a developer showed off how to see every password stored in the browser in plain text.

The “hack” - actually a feature that Google is aware of - would allow someone who used your machine for five minutes to note down passwords for email, Facebook and any other site your browser signs into.

Developer Elliott Kember described the feature as “insane”.





Kember’s blog showed off how passwords can easily be seen in plain text in the “passwords” tab within Chrome, simply by pressing a button saying, “Show.”

The feature can be turned off - you simply visit Chrome Settings, Passwords, and turn the slider for “remember passwords” to off.

Kember described Google’s password strategy as “insane”, saying, “Google isn’t clear about its password security. Users don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, everyday users are saving their passwords in Chrome. This is not okay.”

Google’s security tech lead responded to the post, saying that the feature was a conscious decision, and that when users granted someone else access to an OS user account, “they can get at everything.”





Justin Schuh, security tech lead for Chrome, replied to Kember’s post on Y Combinator.

He said: “The only strong permission boundary for your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just theater.”

“Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. My point is that once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.”

Schuh said that master passwords merely provided users with a false sense of security, and that when users granted someone access to an OS user account, “they can get at everything.”