bit-tech.net

Firm tests browser password privacy

Firm tests browser password privacy

Google won't be happy with the poor showing its flagship browser made in the security tests - a mere two out of twenty-one.

The next time Internet Explorer asks you if it should remember a password for you, think twice about your answer if you value the security of your data.

The Register reports on a suite of tests that has been carried out against a range of popular web browsers by security firm Chapin Information Services in order to test their adherence to good password security practice. The news, I'm sad to say, isn't particularly good.

The suite of twenty-one tests resulted in not a single pass from any of the browsers tested, with the joint winners being Opera 9.62 and Firefox 3.0.4 with a distinctly underwhelming 33 percent score.

The worst performers for password security were Google's freshly-released Chrome browser and Apple's Safari for Windows 3.2, both of which managed a mere 9 percent on the tests.

Three flaws in Chrome which have remained un-addressed since the first beta was launched are singled out by the company for special attention: a failure to check where exactly password requests are coming from; a further failure to validate where the password information is being submitted to; and, poorest of all, the ability of invisible form elements within web pages to trigger password management functions with no user interaction whatsoever. Company founder Richard Chapin described the three issues, along with seventeen others the company has spotted within the password management system, “form a toxic soup of potential vulnerabilities that can coalesce into broad insecurity.

The full results of the tests can be found on the company's website, along with a brief description of each of the twenty-one test criteria.

Has the results of the company's testing convinced you to wipe your stored passwords, or is Chapin simply trying to drum up business with some old-fashioned scare tactics? Share your thoughts over in the forums.

5 Comments

Discuss in the forums Reply
Arkanrais 16th December 2008, 15:00 Quote
I've got my browser hooked up to all sites I have to sign in to, except my bank site. That is one site I will never trust any browser with holding my login for.

still, a best score of 33% does seem very dismal indeed.
Bauul 16th December 2008, 15:11 Quote
I didn't think bank websites even let you save your password.
janesy B 16th December 2008, 15:16 Quote
my browser wont save any passwords on a https site - Firefox 3.0.4
D3s3rt_F0x 16th December 2008, 15:49 Quote
btw your link to the register is a link to a story you did about Palm planning further cuts.
bahgger 16th December 2008, 18:52 Quote
Quote:
Originally Posted by D3s3rt_F0x
btw your link to the register is a link to a story you did about Palm planning further cuts.

You don't know it, but bit-tech is in on a scheme to snatch your password by making you click on unsuspecting links!
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums