The end is nigh for Google Password Manager

Well, that's the end of the Google Chrome password manager feature for me. It's just too damn easy to hack and get passwords for every website that someone uses. What's worse is that they ignore the autocomplete attribute, so websites can't turn it off either, meaning that every website you log into will very likely store your username and password in your browser.

As you can see, I've turned the feature off under the Chrome Settings, Advanced Settings area.

I don't want anyone getting the wrong idea that anyone can just get your passwords from anywhere; they will need access to your computer, either physically or via a small trojan, or access to the Gmail account that you use to log into Chrome. With these they can either sync all your login information and then extract the passwords, or simply extract them from your Chrome browser without you ever knowing.

With so many more web services, online stores, social networks/tools and online software solutions around these days, the biggest security flaw for access to your entire life is you. We humans are crap and lazy when it comes to remembering passwords, so we all tend to do the same thing: we use similar passwords for some, most, or all websites, along with the same email addresses or usernames. This means that if one weak website in the chain is hacked, there is a strong chance for someone to access other similar sites.

No more!

Although password managers have been around for years, Google's is probably the most convenient, though not necessarily the most reliable across every website type.

I've been fortunate to understand enough about technology to save myself from being a victim, as far as it would be in my control, and this is the problem. I have no idea if I was hacked unless something malicious occurred or the service provider told me. This is because I don't have the means to monitor access to every website I visit. If I did, I might be able to see if any access was suspicious, but even then, that's all I could do.

But is it?

So what am I doing about it? From now on, I've decided to take my personal online security far more seriously. I'm going to move to insanely random strong passwords across all websites I log into, and every website is going to have a different password, which is key here (excuse the pun). They are so strong and random that I would never be able to remember them, which means it is taking more of the human, the weak link, out of the equation.
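The reuse and "similar passwords" problem described above can be checked mechanically. The following is an added example, not code from the original post: it reads a password export, reports which sites share an identical or near-identical password, and generates a random replacement. The CSV layout (columns `site` and `password`), the sample rows and the function names are assumptions made for illustration.

```python
import csv
import io
import secrets
import string
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample export. The column names "site" and "password" are
# assumptions, not the export format of any particular password manager.
SAMPLE_EXPORT = """site,password
shop.example,Summer2015!
forum.example,Summer2015!
mail.example,Summer2016!
bank.example,q7#Vd9^LmZ2@xKp4
"""

def load_entries(text):
    """Parse CSV text into a list of (site, password) pairs."""
    return [(r["site"], r["password"]) for r in csv.DictReader(io.StringIO(text))]

def find_reuse(entries):
    """Return groups of sites that share exactly the same password."""
    by_password = defaultdict(list)
    for site, password in entries:
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)

def find_similar(entries, threshold=0.8):
    """Return site pairs whose passwords differ but are near-duplicates."""
    pairs = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(entries, 2):
        if pw_a != pw_b and SequenceMatcher(None, pw_a, pw_b).ratio() >= threshold:
            pairs.append(tuple(sorted((site_a, site_b))))
    return sorted(pairs)

def new_password(length=24):
    """Generate a random password from a cryptographically secure source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    # Report site names only; the passwords themselves are never printed.
    for group in find_reuse(entries):
        print("same password:", ", ".join(group))
    for a, b in find_similar(entries):
        print("similar passwords:", a, "and", b)
```

Any site that appears in either report is a candidate for a fresh, unique password stored in the manager.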

But if I can't remember them, how do I have access? Well, the fact that I saw just how fast and easy it was to get all my passwords from Chrome doesn't mean it was a bad idea. What I loved was the convenience: when I went to a website, it would remember my details.

So I've opted for another password manager, but this time one that is highly secure and requires master keys and passwords, meaning that anyone with full access to my machines still can't get access to the passwords.

There are a lot of password managers out there, but the two I have been choosing between were LastPass and KeePass. They are very different solutions that deliver the same service. Weighing up the two, for me personally, I decided on KeePass. It's open source, widely used, can be used on all major platforms, and has an extensive plug-in library for pretty much anything I'd like to do with it.

Now, I don't want to get into details about how I've set it up and use it across all the different systems I use, but at the end of the day, it does everything I want it to. It will pre-fill usernames and passwords on websites and other applications in a far more secure way. I can even get it to remember login details for sites that wouldn't be compatible with Chrome, such as true SPA (single page application) based websites.

It can even remember other information within its vastly secure database, and I can retrieve and use that information as I like, in the way I like.

Screenshot of KeePass (taken from Google images)

You can find information about KeePass all over the web. Their main website is at http://keepass.info/ and you can easily install it, plus other necessary plug-ins to make a better web browser experience, via Chocolatey (https://chocolatey.org) using:

choco install keepass

and

choco install keepass-keepasshttp

along with the ChromeIPass Extension at the Chrome Store.

So this is now my password manager in Google Chrome, and yet I have more functionality and far better security, though it has taken me some time to go through all my old websites to reset the passwords...

Simple, secure and altogether, better.

I even have access to all my passwords on my Android phone using Keepass2Android and connecting to my password file through file sharing like Dropbox or OneDrive.

Use the comments section below if you have any questions or suggestions about making your passwords safer on the web. Just make sure you make these changes sooner rather than later. Having the same password everywhere is definitely something you must change.


Interesting, Web Tools
Wed, 29 Jul 2009 14:50