Over the last several weeks, I’ve been completely immersed in preparing my FileMaker Pro database product “C-WINGS” for sale. Several of the modules in this database contain places to enter logins and password combinations, and I’ve been nervous about recommending that people use these features to store their own passwords, and the passwords of their clients in open text fields. After considerable research and a bit of trial and error, I devised and implemented an encryption routine so all passwords and license keys entered into C-WINGS can be safely stored as encrypted text.
Imagine my surprise today to read about a design decision in Google’s Chrome that allows saved passwords to be read by anyone with access to your computer. Now this revelation does not affect me because I never, ever, EVER elect to save passwords when prompted by my browsers. That goes for IE, FireFox, Chrome, and Safari – Windows, OSX or iOS. NEVER. But I do need a central place to store those passwords for reference.
Google says that true security must come at the OS level. That is to say if someone can login to your computer, or you leave it open, no amount of security will help you. This is technically true because if there is an authorized user who needs to see the passwords (i.e. YOU), the decode key has to be stored somewhere. The best you can do is make it as difficult as possible for someone to get that key. Storing your passwords within the browser is not a safe storage method.
So now I’m proud to say I’m using C-WINGS for my passwords, and you should too!
Contact me to hear more about the encryption routine I’ve built for C-WINGS.