Google has been criticised for making it easy to access someone's stored passwords if the attacker can get on to a target's Chrome browser.

The problem is a simple yet controversial one: Google does not protect passwords from being viewed when a user is logged in and running Chrome. It means anyone can walk up to a machine and grab stored passwords from Chrome.

The tech titan believes this is the best way forward for usability and security.

To view stored passwords, a user simply has to go to the advanced settings page, then click on the "Passwords and forms" option, followed by "Manage saved passwords".

Alternatively, they could just use the URL chrome://settings/passwords. Clicking on the list of obscured passwords reveals what they are.

There is no option to add security around stored passwords, not even the option to add an extra password to access them.

"Google isn't clear about its password security," said developer Elliott Kember, who blogged about the issue. "In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It's the mass market - the users. The overwhelming majority."

"They don't know it works like this. They don't expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay."

Head of Google's Chrome developer team, Justin Schuh, said Kember's assessment was wrong, suggesting that Google would be giving a false sense of security if they changed the model.

"You think your passwords are protected somehow in other applications, but they're simply not. The fact is that they're still trivially recoverable, and if the bad guy can read them at all then he already has access to fully compromise your entire OS user account," he added.

"So, you're arguing that we take measures to make users think they're safe when they've already surrendered any pretense of security. Effectively, you're asking that we lull our users into a false sense of security."