Friday, January 2, 2009

How Does Your Browser Stack Up?

Tests of mainstream browsers by Chapin Information Services (CIS) point out numerous issues in how browser password storage works.

CIS notes that the password storage features on many of these browsers have three issues:

  1. The destination where passwords are sent is not checked.
  2. The location where passwords are requested is not checked.
  3. Invisible form elements can trigger password management.

These issues stack up to a bad day for Google's Chrome browser, but the rest of the browsers that are in common use don't fare particularly well either. For those interested in this form of browser attack, the tests themselves should provide some useful ideas for starting points.
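
To make the three issues concrete, here is an added example (not code from CIS or from any browser) of the checks a password manager could run before filling a saved credential. The object shapes, function names and the example.test / other.test hosts are assumptions made for illustration.

```javascript
// Added example: pre-autofill checks mirroring the three issues listed above.
// All object shapes (saved, form, field) are hypothetical, not a browser API.

// Treat a field as invisible if CSS hides it or it has no rendered area.
function isVisible(field) {
  return field.display !== 'none' &&
         field.visibility !== 'hidden' &&
         field.opacity > 0 &&
         field.width > 0 && field.height > 0;
}

// Returns { fill: boolean, reasons: string[] } for one saved credential.
function autofillDecision(saved, form) {
  const reasons = [];
  const savedPage = new URL(saved.pageUrl);
  const page = new URL(form.pageUrl);
  // An empty action submits back to the page itself; relative actions
  // resolve against the page URL.
  const action = new URL(form.action || form.pageUrl, form.pageUrl);
  const savedAction = new URL(saved.actionUrl, saved.pageUrl);

  // Issue 1: where the password will be sent.
  if (action.origin !== savedAction.origin) {
    reasons.push('destination-origin-mismatch');
  }
  // Issue 2: where the password is being requested (origin and path;
  // matching the path as well is a policy assumption of this example).
  if (page.origin !== savedPage.origin || page.pathname !== savedPage.pathname) {
    reasons.push('request-location-mismatch');
  }
  // Issue 3: invisible form elements must not trigger a fill.
  if (!form.fields.every(isVisible)) {
    reasons.push('invisible-field');
  }
  return { fill: reasons.length === 0, reasons };
}

// Constructed sample data (example.test / other.test are placeholders).
const saved = { pageUrl: 'https://example.test/login', actionUrl: '/session' };
const shown = { display: 'block', visibility: 'visible', opacity: 1, width: 200, height: 24 };
const sameSiteForm = { pageUrl: 'https://example.test/login', action: '/session', fields: [shown, shown] };
const mismatchedForm = {
  pageUrl: 'https://example.test/profile/guest',
  action: 'https://other.test/collect',
  fields: [{ ...shown, display: 'none' }, shown],
};

console.log(autofillDecision(saved, sameSiteForm));
console.log(autofillDecision(saved, mismatchedForm));
```

In a real browser the visibility inputs would come from computed style and layout rather than from a plain object.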

For now, your best option is to never use the built-in browser password store. Instead, use an application like Password Safe or KeePass.

