Today, another massive security breach made the news. This time, it was about the breach of 000webhost a free hosting provider. Troy Hunt did a good write up about the incident, including his investigation and the event timeline, in this blog post. The compromise involves over 13 million accounts which were acquired during a recent hack. I've never used their service and my account is not in there. If you have, I would highly recommend you change your passwords. I would also recommend that you register on Troy's Have I been Pwned site so that you can get automatic alerts for similar incidents.
So, even though I'm not in danger from this hack, I'm still reminded that I have a lot of passwords, some of which may need to be tightened up a bit due to lazy/bad habits. I also have a ton of passwords that are stored on Chrome but not on my password manager tool. One thing I wanted to do was to retrieve all my passwords and maybe reset the weak or repeated ones. After all, I haven't always been as security-aware as I'm now.
If you, like me, use Chrome day in day out, you already know that it has a neat feature that can be used to securely store passwords when you login to a site for the first time. This is handy but it's tied to Chrome. Ideally you should be using a third party tool like PasswordManager, 1Password etc to store your passwords and accounts you use frequently. Moving passwords off Chrome is tricky as there's no built in export option and I wanted to do this in bulk. There's no chance I'm going to copy 100s of accounts and corresponding passwords by hand.
lazy good developer would do, I came up with this handy script that can retrieve all the passwords in one go. All it takes is 7 small steps.
Open a new Chrome tab and navigate to
You should be presented with your Chrome Passwords page
Press F12 to open the Web Developer Tools
Open the console
- Copy/Paste the following code on the console and press Enter
Enter your Windows/Mac OSx credentials when asked to. This is required in order to access your data
Go back to your Chrome tab and, lo and behold, all your passwords are now available in a nice comma separated (CSV) list.
If you're interested on how this script was generated, have a look at the Chromium GitHub Repo and in particular the
NOTE: this script is running locally on your machine and doesn't require an installation of any 3rd party tools. It's just using the same code that Chrome is using when you want to peek into your stored passwords.
You can now use the exported list as you see fit but the important thing is that you now have a way to access all that information.