It’s super convenient to save your passwords to your web browser but it isn’t very secure. In this post, I will show you step-by-step how to easily reveal a saved browser password.
Normally if you want to view a saved password you need to go into settings and click on it, then enter the password of the logged-in user account to view it. This isn’t always true, let me show you how to get around this.
The Process
- Go to any website that has the login credentials saved.
- Right-click on the password field and select inspect or just inspect the whole page.
- Find the line for the password field this should show up as
type="password"
- Change
type="password"
to betype="text"
- Look at the password field and it is now in plaintext.
Many websites that have the show password icon work exactly like this.
View the source code the next time you toggle the show password option and you may see it change the type from password to text in real time.
I’ve tested this on Google Chrome, Microsoft Edge, and Mozilla Firefox (I didn’t test other browsers because let’s face it, everything is based on Chromium now). I’m not sure if this is something that they can even prevent as this has to do with how websites handle password entry fields.
This shows how important it is to use things like a password manager. Multifactor authentication can provide some protection against this by adding another factor before a successful login but, nothing is perfect. It might even be worth starting the exploration of migrating towards passwordless authentication.