In today's post I will tell you if it is safe to save your passwords in Google.
If you use Google Chrome to browse the Internet, you certainly know the famous window that asks if you want to store your password when logging in to a web page. ESET, a company specializing in proactive threat detection, explained to TecMundo how Chrome's mechanism for storing and protecting saved passwords works, and also analyzed some of its security aspects.
When a user clicks the "accept" button, they allow Google Chrome to save the username and password entered in a website's login form to the computer. More specifically, this data is stored in a "SQLite3" database, which can usually be found at the following path:
%LocalAppData%\Google\Chrome\User Data\Default\Login Data
The file containing the database is used only by Google Chrome, so it is assumed that no other "benign" software will access it. This database has tables with all the necessary information so that the password remembering mechanism can work correctly. The login data is stored mainly in the "logins" table.
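Because only Chrome is expected to open this file, any other process that reads it is worth an alert. The following is an added example, not code from ESET or the original article: it scans constructed file-access events (the JSON field names and the trusted install paths are assumptions) and reports readers of Login Data that are not the installed browser.

```python
import json
import re

# Login Data (and its SQLite journal) of any Chrome profile: Default, "Profile 1", ...
LOGIN_DATA_RE = re.compile(
    r"\\google\\chrome\\user data\\[^\\]+\\login data(-journal)?$")

# Assumption: the browser is installed in one of its default locations.
TRUSTED_IMAGE_RE = re.compile(
    r"c:\\(program files( \(x86\))?|users\\[^\\]+\\appdata\\local)"
    r"\\google\\chrome\\application\\chrome\.exe")

# Constructed file-access events, one JSON object per line (field names are hypothetical).
SAMPLE_EVENTS = r'''
{"ts": "10:00:01", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "target": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"ts": "10:02:17", "image": "C:\\Users\\ana\\AppData\\Local\\Temp\\updater.exe", "target": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"ts": "10:02:40", "image": "C:\\Users\\ana\\Downloads\\chrome.exe", "target": "C:\\Users\\ana\\AppData\\Local\\Google\\Chrome\\User Data\\Profile 1\\Login Data"}
{"ts": "10:03:05", "image": "C:\\Windows\\System32\\notepad.exe", "target": "C:\\Users\\ana\\Documents\\notes.txt"}
'''


def suspicious_access(events_text):
    """Return (ts, image) for every process other than the installed Chrome
    that touched a Login Data file."""
    alerts = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        # Windows paths are case-insensitive, so compare in lower case.
        target = event["target"].lower()
        image = event["image"].lower()
        # A binary merely named chrome.exe in another folder is still flagged.
        if LOGIN_DATA_RE.search(target) and not TRUSTED_IMAGE_RE.fullmatch(image):
            alerts.append((event["ts"], event["image"]))
    return alerts


if __name__ == "__main__":
    for ts, image in suspicious_access(SAMPLE_EVENTS):
        print(f"{ts} unexpected reader of Login Data: {image}")
```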
For security reasons, passwords are not stored in plain text; that is, all passwords are encrypted. The encryption is designed so that the data can only be decrypted by the same operating system user who was logged in when the password was encrypted, or on the same computer on which it was encrypted.
"If a cybercriminal has access to the computer, he can easily obtain passwords, decrypt them and steal them in plain text. This type of behavior has been observed in several malicious codes and even in banking trojans targeted specifically at Latin America, where they are meant to steal access credentials from home banking services", comments Daniel Kundro, malware researcher at ESET Latin America.
Example:
Logging into Facebook with a fictitious username and password, our researchers accepted the option for Google Chrome to save credentials. The team then tried to locate the file in which the information had been saved. To do this, just open the file with a program that allows you to view databases (in this example: DB Browser for SQLite).
[Figure: Fields in the "logins" table together with their content, in which the access credentials used in this example can be viewed]
After opening the file with the DB Browser tool, you can find the entries containing the login data, which include: URL, username and password. In the red box located to the right of the image, the stored password is encrypted in a BLOB structure and, when clicking on this field, the program shows its hexadecimal representation.
At this point, the attacker already has the username, the website and the encrypted password; all that remains is to complete the final step: decrypt the password. For this, the cybercriminal relies on already having access (physical or virtual) to the device: since it is very likely that the active user is the same one who saved the password, the information can be decrypted using the CryptUnprotectData function.
"All of these steps can be performed by malware quickly and automatically. However, malware is not the only risk that we should take into account, as there are currently several programs that are easily accessible through an online search that are capable of performing these same steps," adds Kundro.
It is important to note that all the risks mentioned above are limited to this mechanism exclusively, that is, the risk that stored passwords will be stolen. Therefore, the ideal is not to use this functionality and, if it is necessary to use it, not to use it to save passwords for services such as home banking, social networks, medical sites or sites that contain personal information.
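One way to act on this recommendation is to list which saved logins belong to sensitive services so they can be removed from the browser. This is an added example, not part of the original article: it uses a constructed in-memory database with a simplified "logins" table, and the SENSITIVE_DOMAINS list is an assumed policy.

```python
import sqlite3
from urllib.parse import urlsplit

# Assumed policy list: services whose passwords should not be kept in the browser.
SENSITIVE_DOMAINS = {"bank.example", "facebook.com", "clinic.example"}


def build_sample_db():
    """Constructed stand-in for the Login Data file (simplified schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins "
                 "(origin_url TEXT, username_value TEXT, password_value BLOB)")
    blob = b"constructed-ciphertext"  # placeholder, not a real encrypted value
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?)", [
        ("https://www.facebook.com/login", "test.user", blob),
        ("https://online.bank.example/", "ana", blob),
        ("https://notbank.example/", "ana", blob),
        ("https://forum.example/", "ana", blob),
    ])
    return conn


def is_sensitive(host, domains):
    """True for the domain itself or any subdomain, never for a look-alike
    such as notbank.example versus bank.example."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def saved_sensitive_logins(conn, domains=SENSITIVE_DOMAINS):
    """Return (host, username) for saved logins on sensitive services."""
    # Only the URL and username are read; the password BLOB is never selected.
    rows = conn.execute(
        "SELECT origin_url, username_value FROM logins ORDER BY origin_url")
    findings = []
    for url, user in rows:
        host = urlsplit(url).hostname
        if is_sensitive(host, domains):
            findings.append((host, user))
    return findings


if __name__ == "__main__":
    for host, user in saved_sensitive_logins(build_sample_db()):
        print(f"remove saved login: {user} @ {host}")
```

To check a real profile, pass a connection opened on a copy of the Login Data file instead of the constructed database.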