Chrome Passwords & Linux: Are They Safe?

TL;DR

Yes, someone booting a live Linux distro can access your Chrome passwords if your disk isn’t properly encrypted. Full Disk Encryption (FDE) is the best protection. Here’s how to check and enable it.

Understanding the Risk

Chrome stores passwords in an encrypted file on your hard drive. However, this encryption relies on your user account password. If someone bypasses your login screen using a live Linux distribution (like Ubuntu or Tails), they can access the filesystems where Chrome’s data is stored and potentially decrypt your passwords.

Checking if Your Disk is Encrypted

1. Windows:

• Press Win + R, type control panel and press Enter.
• Go to System and Security > BitLocker Drive Encryption.
• Check if any drives are listed as ‘On’. If so, your disk is encrypted.

macOS:

• Click the Apple menu > System Preferences > Security & Privacy.
• Select the FileVault tab.
• If ‘FileVault is On’, your disk is encrypted.

Linux:

• Open a terminal.
• Run lsblk -f. Look for a column named ‘FSTYPE’. If you see something like ‘crypto_LUKS’, your disk is encrypted.

Enabling Full Disk Encryption (FDE)

If your disk isn’t encrypted, here’s how to enable it. Warning: This process can take a long time (hours), and you should back up all important data before proceeding!

Windows – Using BitLocker

1. Open Control Panel > System and Security > BitLocker Drive Encryption.
2. Select the drive you want to encrypt (usually your C: drive).
3. Click ‘Turn on BitLocker’.
4. Follow the on-screen instructions. You’ll be asked to create a recovery key – store this securely!

macOS – Using FileVault

1. Open System Preferences > Security & Privacy > FileVault.
2. Click the lock icon and enter your administrator password.
3. Click ‘Turn On FileVault’.
4. Follow the on-screen instructions. You’ll be asked to create a recovery key – store this securely!

Linux – Using LUKS (Example: Ubuntu)

This is more complex and requires using the command line. The following is a simplified example; consult your distribution’s documentation for detailed instructions.

1. Boot into a live environment (e.g., from a USB drive).
2. Open a terminal.
3. Identify the disk you want to encrypt (use lsblk carefully!). Let’s assume it’s /dev/sda.
4. Run

   sudo cryptsetup luksFormat /dev/sda

   . This will prompt you for a passphrase – choose a strong one!

5. Open the encrypted volume:

   sudo cryptsetup luksOpen /dev/sda myencryptedvolume

6. Create a filesystem on the encrypted volume (e.g., ext4):

   sudo mkfs.ext4 /dev/mapper/myencryptedvolume

7. Mount the filesystem:

   sudo mount /dev/mapper/myencryptedvolume /mnt

8. Copy your data to the mounted volume.
9. Unmount and close the encrypted volume when finished. Configure automatic mounting on boot (this varies by distribution).

Additional Security Measures

• Strong Passwords: Use strong, unique passwords for your user account and BitLocker/FileVault recovery keys.
• Two-Factor Authentication: Enable two-factor authentication wherever possible.
• Keep Your System Updated: Regularly update your operating system and software to patch security vulnerabilities.