Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Chrome Google

Forbes Estimates Google's Chrome Temporarily Lost Millions of Saved Passwords (forbes.com) 28

An unexpected disapperance of saved passwords "impacted Chrome web browser users from all over the world," writes Forbes, "leaving them unable to find any passwords already saved using the Chrome password manager." Newly saved passwords were also rendered invisible to the affected users. Google, which has now fixed the issue, said that the problem was limited to the M127 version of Chrome Browser on the Windows platform.

The precise number of users to be hit by the Google password manager vanishing act is hard to pin down. However, working on the basis that there are more than 3 billion Chrome web browser users, with Windows users counting for the vast majority of these, it's possible to come up with an estimated number. Google said that 25% of the user base saw the configuration change rolled out, which, by my calculations, is around 750 million. Of these, around 2%, according to Google's estimation, were hit by the password manager issue. That means around 15 million users have seen their passwords vanish into thin air.

Google said that an interim workaround was provided at the time, which involved the particularly user-unfriendly process of launching the Chrome browser with a command line flag of " — enable-features=SkipUndecryptablePasswords." Thankfully, the full fix that has now been rolled out just requires users to restart their Chrome browser to take effect.

This discussion has been archived. No new comments can be posted.

Forbes Estimates Google's Chrome Temporarily Lost Millions of Saved Passwords

Comments Filter:
  • by Big Hairy Gorilla ( 9839972 ) on Monday July 29, 2024 @06:58AM (#64663372)
    that "Logging into a website", something that is arguably trivial, is one of the main reasons tech companies own you.

    The concept of "logging in", basically equivalent to a light switch, which is either on or off, is conceptually beyond the understanding of a large cohort of people. To be fair Big Tech is "updating" our hardware and software as fast as possible to remove on/off from the lexicon, because it tilts the device experience towards control by the manufacturer and away from the consumer.

    Secure password management should have been built into the hardware from the beginning.
    • Re: (Score:3, Interesting)

      by Anonymous Coward
      With the benefit of hindsight, the standard HTTP authentication mechanism should have used or have been updated to use an augmented PAKE algorithm. This would break basic phishing since you can't impersonate a server without password-related data: the phisher would first have to get leaked data from the legitimate site to be able to impersonate it. And sniffing would also be useless.
  • They're not lost (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Monday July 29, 2024 @07:12AM (#64663398)

    Google probably has a copy.

    • You're most likely right. In this instance, I believe the browser still had the passwords, but you couldn't see them in the Google Password Manager, or whatever it's called. I just ran a Chrome update and magically my saved passwords are back.
  • Between this and Crowdstrike, I can see the masses never allowing an update to Windows again.

    I already know people who complain loudly about updates. So I guess the next step is for them to stop updates all-together.

  • by jenningsthecat ( 1525947 ) on Monday July 29, 2024 @08:28AM (#64663550)

    "Those who would give up essential Security, to purchase a little temporary Convenience, deserve neither Security nor Convenience".

    I suppose it's possible that KeePassX could fail and I'd lose all my passwords. I suppose it could somehow fail so badly that I couldn't even retrieve passwords from my backup files, although it's hard to see how. But I'd never trust a browser, of all things, to be ANY kind of password keeper, much less my ONLY password keeper.

    That brings us to another point: if you're gonna risk hanging your passwords out in public by entrusting them to Big Tech, at least have the sense to keep local backups. How embarrassing would it be to have to ask Google, for example, to give your shit back?

    • by AmiMoJo ( 196126 )

      This is ridiculous. A temporary glitch that was quickly rectified, no data lost, and it has supported backing up your passwords (locally and in the cloud) since the very early days. It's absolutely no worse than Keepass, beyond the additional levels of authentication and encryption available in that app, which most users won't use.

      The Chrome and Firefox password managers have done a lot to improve security online. They generate strong passwords and keep them securely, with cloud sync option because most peo

    • If you have backups (which you should if using anything like keepass, otherwise you'd be starting from scratch every time you have some storage failure) then you have backups of your browser passwords too as they're saved locally in you user profile.

  • by xack ( 5304745 ) on Monday July 29, 2024 @08:28AM (#64663552)
    Chrome's influence on computers is more than Crowdstrike was. It is only a matter of time before a "we messed up" update happens to Chrome. Probably as a conflict with their drm/anti-adblock code goes wrong and false positives' the whole browser into corrupting itself. I already had to deal with Firefox breaking itself back with the addon outage, Chrome's outage will impact a lot more people. Chrome is the de-facto central point of failure on the web, and it will only take a missing semicolon somewhere to mess it up.
    • by gweihir ( 88907 )

      On the plus side, Chrome is not involved in the boot process and cannot (except intentionally) prevent system boot after crashing it. That puts it in line with the usual crapware software makers push out these days and does not even merit a footnote in the history of computer security.

  • by ctilsie242 ( 4841247 ) on Monday July 29, 2024 @10:01AM (#64663790)

    Every so often, I, stick in a USB flash drive [istorage-uk.com] into the machine. Because I don't trust BitLocker encryption, the drive is also protected by VeraCrypt, and even if the hardware encryption is "sus", it does protect against brute force attacks, so someone finding the drive likely will try codes until it permanently locks, goes to the website to reset the drive, and now has a freebie drive... hardware loss, but the data is well out of their reach.

    From there, I export all passwords to the drive, as well as keys like my .gnupg directory, .ssh directory, ~/.config/borg/keys directory, and other items. To keep things sane, I have a few of these drives, and use a GFS rotation with a drive being offsite.

    This ensures that if something happens to a PW or a TOTP key, I can recover. I learned this the hard way when a sync service corrupted all my passwords. Were it not for an offline iPod Touch, I would have lost pretty much everything.

  • I've never understood why any user would install Chrome (except that brief period when it was the only way to stream Netflix on Linux).
    It doesn't come pre-installed on any OS not made by Google, so you have to go out of your way.
    If you're already using Windows, you're already fine with Microsoft spying on you and advertising to you.
    Why not just use Edge instead of adding Google to the pile?
    What gets Windows users to install Chrome?

    • >"What gets Windows users to install Chrome?"

      Consistency?
      Habit?
      Advertising?
      Documentation recommendations?
      Outdated misinformation?
      Corporate overlords?

      >"Why not just use Edge instead of adding Google to the pile?"

      Why not use Firefox and kick both Google AND Microsoft off the pile? And, at the same time, it supports real browser diversity so we are less likely to have things taken-over by these monster monopolies.

  • >"An unexpected disappearance of saved passwords "impacted Chrome web browser users from all over the world,"

    Welcome to the Chrom* monoculture. If you think this is bad, wait until there is some explosion in the base chromium that all these non-Firefox "alternative" browsers all use that will affect all the Chrome AND Chrome-based (Chrom*) browsers as well.

    Google is not doing us any favors....

    https://www.mozilla.org/en-US/... [mozilla.org]

Keep up the good work! But please don't ask me to help.

Working...