TIL - That Despite You Best Efforts Your Passwords are Stored in Plaintext!

This is going to be short.
Early yesterday I had a drive crash and it took out my user data cache.
Fortunately I was able to recover everything, except I keep my keys and passwords in a highly encrypted tool called keypass and the DB was damaged.

I fired up chrome and everything was missing, history, logins, you name it, the chrome cache folder had been wiped out.

I genuinely believed this information was gone, including the password for my steemit account (which would have been devastating).

In the process of exploring what was left I found a tool called seahorse, it's a default part of the OS and I had never paid much attention to it before. But I opened it up and HOLY SHNIKEES BATMAN! It has a section called "logins" that had stored in plain text every single password to every single website I had ever visited since I installed the OS.

right there under the passwords tab

To make things more interesting, I found that this tool has a lot of uses and functions and you can do some really fun advanced crypto with it. No one talks about it much, but it's there.
The datastore itself appears to be default setup to unlock with the same password you use to login to the OS with, which is disturbing to me on a number of levels.

This means that unless you have whole disk encryption, your steemit password is at risk if you're running any version of linux that uses this and blowing away your webcache does not fix this, i.e. clearing cookies, cache, passwords.
Finally in the absence of this tool, it turns out that Chrome just stores this information on the hard drive in plain text.

If you've forgotten your passwords, you can always get to them in plain text by going here...
chrome://settings/passwords (you'll need to copy and paste the link isn't really clicky.)
Keep in mind that google has also backed these up to the cloud for you as well.
http://www.makeuseof.com/tag/view-chromes-saved-passwords-anywhere-stop/

The solution to this is to not allow your web browser to store your password, but to use a tool like keypass and keep your password DB backed up. Also use whole disk encryption whenever possible and if not then at least make sure your user data partition is encrypted.

As always this post is 100% steem powered!