How To Extract Plaintext Google Chrome Passwords

Browsers: don't worry, we encrypt all of your passwords to keep them safe! Also browsers: we store the encryption key right beside your passwords!

Moral of the story don't save passwords in the browser, awesome video John love your content.

John, you explain in a way that is very understandable something so many people dont have the time/skills to do.I enjoy not only watching your vodeos but also just listening as you explain thoroughly i can almost visualise what you are doing.I hope you get to where you deserve to be pal !!!

...and this is WHY scam-baiters are constantly telling ppl to NOT store passwords in the browser! Awesome vid John!

Passbolt (and any other password manager) employs the similar mechanisms for storing and sharing passwords as your browser password manager, it just has a robust feature set for sharing the password with others. Don't get lazy and believe any password manager is a golden bullet. Passwords are stored using a cipher, which will take a long time to break if you were to brute force it, but the key to the cipher needs to be kept on your local machine in order to access them. The best way to protect yourself is to use multiple layers of authentication. 2FA authenticator applications, NFC tags, biometrics. Separate storage or data mediums that can have a hash created, so only the medium itself is a way to authenticate. Employ good practice and having multiple layers of security is the best way to keep you and your data protected.

So I have to leave the comment to let you know that you've helped so much. True could have happened with any video but just happened to hit yours first. My uncle passed away a week or so ago and he had a lot of cherished memories stored in his phone and laptop, I've learned to get through the windows password the pash couple of days probably through the least direct wya but this helped me to guess what his phone password was and get the remaining memories. Thank you for making the video and helping me recover the cherished memories.

Always informative

Ur awesome, I'm so happy I found a video of something so hard to learn, I had already given up thinking that I wouldn't be able to find information on how to decrypt my browser passwords, thanks!

Almost any password vault is vulnerable to local attacks. Unless you're typing something in when you go to log into a website, there's a guaranteed way to retrieve that password if you have local access. Even if you have to go to the website and wait for the tool to fill in the password field, you can get it once the password field is filled out in the browser with a trivial console command.

I've yet to see a "password manager" that I feel entirely comfortable with. Ultimately your passwords have to be stored on something physical. Even if in encrypted form, they're only as good as the encryption key/password used to encrypt them. And how do you store that? You're down to memory versus sticky notes, and master passwords are a vulnerability in themselves. Thoughts?

What detection rules would you recommend for such cases ? Any specific eventid or something ?

I was actually intrigued when i saw passbolt sponsor this video, cause i switched to them from lastpass about 3 months ago..honestly yes, best pw manager i can say

Internet explorer crying in the corner

I'd love to see some timelines on your videos John! :)

Awesome content and very informative! 🙌

I really appreciate your content it is really helpful. And is there any way of decrypting those chrome passwords on another machine?

I will gladly follow along, thanks for the invitation, John!

is the masterpassword on firefox an easiest solution ? doesn't use the masterpw to encrypt ? thank you in advise

There are utilities for 'whatever web-browser you are using'? What about Safari on macOS; I was under the impression that it uses the system keychain for password storage.

Careful, I remember there was some algorithm that can decrypt pixelated censor and it is really good at it, hope you changed your other user password after this