Tips & Tricks: Where Browsers Store your Passwords

Just a little something for you all to think about. Google Chrome encrypts passwords with the Windows-provided API function CryptProtectData, which makes the encrypted data decipherable only by the Windows user account that encrypted it. So essentially, your master password is your Windows account password. As a result, once you are logged in to Windows with your account, this data is decipherable by Chrome. This is great; however, any malware running as the respective user can potentially gain access to all your passwords.

Similarly, Internet Explorer on Windows makes the assumption that once you are logged in it is safe for applications to access any data within your account. Because Internet Explorer does not utilise a master password to protect its saved passwords, the respective Windows account's password is the Triple DES decryption key with which Internet Explorer encrypts its passwords. Simply put, if you can log in to Windows with the account password, malware can access all the Internet Explorer saved passwords.

Firefox, on the other hand, protects its passwords with a Master Password, which is in no way linked with the Windows account password, so any malware running within the respective account does not freely get access to the passwords Firefox stores. However, most users aren't even aware that the Master Password exists, let alone that they need to set it.
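
The account binding described above for CryptProtectData can be seen with a constructed secret. This is an added example, not code from any browser: it uses the .NET `ProtectedData` class (the managed wrapper over CryptProtectData) and assumes Windows PowerShell 5.1; the secret and passphrase strings are made up for the demonstration.

```powershell
# Added illustration with constructed values; run in the logged-in user's session.
Add-Type -AssemblyName System.Security

$scope  = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$utf8   = [System.Text.Encoding]::UTF8
$secret = $utf8.GetBytes('constructed-demo-password')

# 1) Protect with no extra secret: the caller supplies no key or password.
#    The key material is tied to the Windows account of the calling process.
$blob = [System.Security.Cryptography.ProtectedData]::Protect($secret, $null, $scope)

# 2) Unprotect in the same account: succeeds with no prompt, for this process
#    and equally for any other process running as the same user.
$plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
"Same user, no extra secret : " + $utf8.GetString($plain)

# 3) Protect again with optional entropy. Here it stands in for a secret the
#    user types (a master password) rather than something stored on disk.
$entropy = $utf8.GetBytes('constructed-master-passphrase')
$blob2   = [System.Security.Cryptography.ProtectedData]::Protect($secret, $entropy, $scope)

# 4) Being the right Windows user is no longer sufficient on its own.
try {
    [void][System.Security.Cryptography.ProtectedData]::Unprotect($blob2, $null, $scope)
    "Without passphrase         : decrypted"
}
catch {
    "Without passphrase         : refused"
}

# 5) With the passphrase the data is recovered.
$plain2 = [System.Security.Cryptography.ProtectedData]::Unprotect($blob2, $entropy, $scope)
"With passphrase            : " + $utf8.GetString($plain2)
```

The extra secret only adds protection if it is not stored somewhere the same account can read it, which is why a master password entered by the user behaves differently from a key kept beside the data.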
