tl;dr: Check out transformtool.codeplex.com for an offline alternative to the online Base64 decoders.Google's keyword tool reports 9,900 monthly searches for "base64 decode online". How many of these searches lead to disclosure of sensitive business information, or personal information (PII) to one of the Base64 decoding webpages? None of these searches are from IT-professionals trying to figure out what's wrong in a production system, right?
|Top Google results for "base64 decode online" at time of writing|
Doing a quick review of the top ten results of a Google search for base64 decode online I found that none of the online base64 decoders offered secure communications to the server by default (i.e. no HTTPS). That means that whatever data you're sending over the wire is not protected by end-to-end encryption, so you cannot guarantee the confidentiality while it's in transit. Note also that it's no longer Base64 encoded when you get the response back, then it's human readable and can be easily recognized as sensitive information.
The Base64 decoding websites contain no information on whether they might use the data for any purpose, or if the data you send to them is stored in any way on the server(s). So you have no guarantees for the information's confidentiality on the server either. Unless you check specifically (every time!), you have no idea where the sites' web servers are located. In effect you might be shipping company data out of the country. Explain that to the compliance department...
What should you do?
You should install an application locally that lets you decode the data. Web application security proxies such as Burp and Fiddler support Base64 encoding/decoding, and they're also great debugging tools for web applications. However, they might need administrator rights to install properly.
TransformTool is an encoding/decoding tool that supports Base64 (disclaimer: I wrote it). It installs locally and runs with restricted privileges. The installation is simple, and does not require administrator privileges on the computer.
So, find a trustworthy tool that installs locally on your computer. Use that for your Base64 decoding needs instead of sharing the data on the Internet!