I’m starting with the “bottom line”: consumers using Google’s Chrome browser should not store passwords in it for accounts you use on the Internet.  Why not?  Because Google Chrome does not give users the option of protecting this information with a strong master password.

This may or may not be news for consumers who are storing passwords in Google’s Chrome browser.  But it was news for Elliott Kember, a software developer who discovered this flaw.  Graham Cluley wrote about Mr. Kember’s discovery and also provides excellent graphics of the problem in his article (grahamcluley.com; “Why you shouldn’t store your passwords in Google’s Chrome browser”; August 7th).

Mr. Kember identified this problem when he temporarily switched to Chrome from Apple’s Safari browser.  He saw that he couldn’t disable Chrome’s setting that wanted to import all of the passwords stored in his usual browser of choice.   This means that anyone having access to his computer could simply go the URL “chrome://settings/passwords”, hit the “Show” button and access all of his passwords.

What’s the alternative?  As Mr. Cluley wisely advises, consumers should use password management tools rather than storing passwords in a browser — and especially not in Chrome.  He suggests people use software such as LastPass, 1Password and KeePass which will securely store and remember passwords as well as generate complex, random passwords for the various accounts people have on the web.

And what if you do let a friend or colleague or family member use your computer?  Remember another important piece of guidance from Mr. Cluley.  Make sure to log into a “guest” account so someone (even someone you trust) can’t access any of your personal files or settings.