Warn Chrome Users of Websites that Stores Password in Clear Text

March 15, 2010 | Filed under Browser, Google, Privacy

;

Many years ago the security feature for recovering lost password is flawed. Every website that allows user registration can recover lost password by providing the correct answer to secret question or by providing an alternative email supplied during registration. The answer to a secret question might not be so secret at all when sometimes the answers can be guessed or even social engineered. This would cause the CURRENT password being recovered by the hacker. Since most people uses the same password for all websites, the hacker pretty much got control to all of the users account.

As for now, the password recovery no longer allows recovering of old or current password. The system now should reset the password and send a new password to the user. This way even if a service is being hacked, the hacker could only get to login to that single account. This password recovery system used by a website has a good and safe practice. This also gives a peace of mind that the administrator of the website can’t recover the users password.

Google Chrome users are able to enjoy this service by installing an extension called PasswordFail. This extension checks every website that you visit and if it is known to keep or display the password in clear text, then it would warn you.

Website that store clear-text password

PasswordFail requires users input and submission of websites that practices storing of passwords in clear text.

Download PasswordFail Chrome Extension




Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!