Jan 30, 2020
Chrome Just Told Me All of My Coworker’s Passwords
“Jesus Christ!” read the text I got out of the blue from a friend that who recently began a new job.
*Bloop* went my question mark Tapback on the message bubble.
“The guy whose position I took over for has SO many logins and passwords saved into Chrome auto fill.”
My eyes widened.
“Credit Karma, Gmail, Facebook, Pinterest, and dozens of others are here…including some, well, not-safe-for-work sites” he incredulously expressed.
Don’t get me wrong, I highly highly suggest that everyone use a password manager to keep track of their logins. Its smart, easy, and if used properly can enable you to use different strong passwords on every site without having to remember them. Chrome has one such password manager baked into their browser. Like any good password manager, it can even help you suggest passwords for you — which are extremely hard to guest or brute force (trying different passwords over and over again). But one issue that Chrome’s password manager has, as well as other browser based managers, is that if someone else uses your computer, or if you used a shared computer like in a lot of offices, anyone else who has access to that computer has access to all of your logins.
That’s what happened in this case. My buddy got hired to take the place of someone who was leaving for another job, and he inherited their work computer. But despite having two weeks over overlap as he was training his replacement, he never thought to clear out the browser’s saved passwords. And I kinda don’t blame him, that’s not something you would think about as you excitedly prepared for a new job. You want to just fulfill your final assignment and poorly train this poor schlep who is taking what you no longer want.
What I do put the blame on though is using those password saving features on a computer that isn’t yours to begin with. This extends to computers you share with other people, even if it is yours.
Okay, so, maybe you’ve done this and want to clean up your act. Ideally you’ll want to stop using the browser based password manager on a shared computer, and start using a third party password manager like 1Password and LastPass (this last one is my preferred password manager). Here’s what to do:
Check to see what logins you have saved
· Chrome — In your address window, type chrome://settings/passwords
· Edge — In your address windows, type edge://settings/passwords
· Internet Explorer — Open Control Panel on the computer, then go to User Accounts — Credential Manager (Then stop using Internet Explorer, its gross)
· Firefox — In your address bar, go to about:logins
· Safari (Mac) — In Safari, click Safari — Preferences, then click Password tab
Some of the above will require you to enter your account password to view the passwords, which is great and better than it used to be. But chances are that if this is a shared computer, whomever else is using the computer also knows that password.
The next step is to review all of the logins and make sure they are all copied to your new password manager. This might be a tedious process, but its vital to ensure you have these logins and plus, it should only need to be done once. For the how and why of Password Managers, check out one of my previous articles on the topic.
Clearing Saved Passwords From Your Browser
After you’ve ensured that all of your logins now safely reside somewhere else, its time to delete them from the browser:
· Chrome — In your address window, type chrome://settings/passwords. To delete an individual password, click on the three dots next to it and select Remove. To delete all passwords, go to Clear Browsing Data from Settings -> Advanced and select Passwords.
· Edge — Click the three horizontal dots in the top right-hand corner, then select Settings. Scroll down and click Choose what to clear. Check the option Passwords. Click Clear.
· Internet Explorer — Open Control Panel on the computer, then go to User Accounts — Credential Manager (Then stop using Internet Explorer, its gross). Click the drop-down arrow next to the site you want to delete, and click Remove.
· Firefox — In your address bar, go to about:logins. Click Remove next to each site you want to delete.
· Safari (Mac) — In Safari, click Safari — Preferences, then click Password tab. Click Remove next to each password you want to delete, or click Remove All to delete all of the passwords.
Keep in mind, all of us (except for you and myself) are replaceable at our jobs, and unless you have the wherewithal to purge all of your personal information from your machine before you go, there is a chance you can find yourself in the position of my friend’s temporary coworker. Hopefully if you do, your replacement isn’t as kind as my friend who promptly cleared the login history of the machine. However if you can get out of the habit of storing your credentials in the browser and put them into your third-party password manager, even if you forget to remove it before you leave, you can purge the connect that that computer has to your password database. I hope this helps, and remember:
Stay safe out there.
