Why are my passwords visible in clear-text to people looking at my settings in Chrome?


Gootch

May 23, 2013, 12:46:30 PM
to chromium...@chromium.org
I understand that if someone is using your computer without your knowledge, you shouldn't expect that your data is secure.  

That said, I cannot think of a valid reason why we wouldn't want to add at least an extra level of security in the UI that would act as a deterrent for non-hacker people looking to score passwords of their friends.  Think of it as a security system in your house -- it won't stop professionals, but the kid next door looking to steal your computer will think twice, or avoid trying altogether.

Currently, anyone who happens to be using someone else's computer, for whatever reason, can simply open up chrome settings and view all saved passwords.

For some reason, all mentions of this in the chromium bug tracker are merged into http://code.google.com/p/chromium/issues/detail?id=9560 which is closed and marked as "WontFix"... 

What do you think?

Rouslan Solomakhin

May 23, 2013, 12:49:58 PM
to goo...@gmail.com, Chromium-discuss
The bug that you linked answers your question, I think:
The fact that Chrome offers easy access to the stored passwords and other browsers do not, does not mean that it's not easy to access the stored passwords for the other browsers: it's just not easy with any built-in feature of those browsers. As Chrome's password import feature clearly demonstrates, it's easy to read the passwords with the right tools. Even if Chrome would not allow you access to the passwords, you can read them manually, download another tool on the machine to do this or just send the relevant password files to your computer and read them later.

If you do not want anybody to access your passwords, you should not allow them access to your machine without supervision.
--skyl...@chromium.org


--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

goo...@gmail.com

May 23, 2013, 12:53:50 PM
to Rouslan Solomakhin, Chromium-discuss
That's not a sufficient answer... Just because securing the settings screen doesn't prevent hackers or savvy users from getting your data... It does stop average users from being able to read passwords.  It also prevents savvy users with limited time from accessing passwords too.

Leaving it wide open makes no sense, does it?  


--
Follow me on twitter
http://www.twitter.com/GarettRogers

Rouslan Solomakhin

May 23, 2013, 12:55:47 PM
to goo...@gmail.com, Chromium-discuss
What solution would you propose?

goo...@gmail.com

May 23, 2013, 12:57:23 PM
to Rouslan Solomakhin, Chromium-discuss
A master password

Nick B.

May 23, 2013, 1:00:20 PM
to goo...@gmail.com, Rouslan Solomakhin, Chromium-discuss
What about the security layers between the user and the browser? Windows, OSX and Linux all offer password protection and the ability to offer guest accounts, so users won't have access to your personal Chrome settings.

gpwolfe 鬼佬

May 23, 2013, 1:03:04 PM
to Rouslan Solomakhin, Chromium-discuss
What about hooking into whatever platform's OS features for account password prompting?  Have a button, "Show Passwords", prompt for the user's password, and only show them on success from that mechanism.

Rouslan Solomakhin

May 23, 2013, 1:04:39 PM
to goo...@gmail.com, Chromium-discuss
On Thu, May 23, 2013 at 9:57 AM, goo...@gmail.com <goo...@gmail.com> wrote:
A master password

If the user is signed in to Chrome using a Google account, I think it would be reasonable to request the Google account password when looking at chrome://settings/passwords. Some more options to consider for this feature:
  • Encrypt the passwords on disk using the Google account password.
  • Let users manage which passwords are stored on disk encrypted vs. in plain text.

Torne (Richard Coles)

May 23, 2013, 1:06:22 PM
to rou...@chromium.org, goo...@gmail.com, Chromium-discuss
We do encrypt the passwords on disk in most cases, no? On Windows we use the account's encryption key, on OSX we store them in Keychain, and on Linux we try to store them in gnome-keyring or kwallet. Only if none of these mechanisms are available does it get stored in plaintext, as far as I know..

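Rouslan's first reply argues that anyone who can copy the password files can read them with the right tools, and Torne describes what actually sits on disk: a Windows account key, the OSX Keychain, gnome-keyring/kwallet, or plaintext when none of those is available. The script below is an added example (not code from the thread or from Chromium) that makes that concrete by triaging a copied "Login Data" SQLite file offline and reporting, per saved login, whether the password is readable as-is or which mechanism wraps it. The `logins` table and its `origin_url`/`username_value`/`password_value` columns are Chrome's real schema (reduced to the three columns used); the DPAPI blob header and the "v10"/"v11" prefixes are publicly documented Chrome/OS behaviour; the sample rows, the `platform` hint and all function names are constructed for this example.

```python
"""Offline triage of a copied Chrome "Login Data" file (added example).

Chrome keeps saved logins in a SQLite database named "Login Data" in the
profile directory, table `logins`. The blob in `password_value` is either
plaintext or wrapped by one of the platform mechanisms discussed in the
thread. Only the three columns used below are real Chrome schema; the
sample rows are constructed for this example.
"""
import sqlite3

# Leading bytes of a Windows DPAPI blob (CryptProtectData output): version 1
# followed by the DPAPI provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb.
DPAPI_PREFIX = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")


def classify_password_blob(blob, platform):
    """Classify one password_value.

    Returns (status, detail) where status is one of:
      "plaintext"  - readable as-is (the no-keyring fallback)
      "obfuscated" - recoverable with no per-user secret (Linux "v10")
      "protected"  - needs a key held by the OS account or keyring
    `platform` is the OS the profile was copied from: "windows", "mac" or
    "linux" (a hint this example needs; a blob alone does not carry it).
    """
    if isinstance(blob, str):          # TEXT-affinity rows come back as str
        blob = blob.encode("utf-8")
    if blob.startswith(DPAPI_PREFIX):
        return "protected", "DPAPI blob; needs the Windows user account key"
    if blob.startswith(b"v11"):
        return "protected", "v11; AES key held by gnome-keyring/kwallet"
    if blob.startswith(b"v10"):
        if platform == "linux":
            # Chrome's Linux fallback without a keyring derives the AES key
            # from a constant built into the binary, so it is not a secret.
            return "obfuscated", "v10; key is a hard-coded constant on Linux"
        if platform == "mac":
            return "protected", "v10; AES key stored in the macOS Keychain"
        if platform == "windows":
            return "protected", "v10; AES-GCM key in Local State, itself DPAPI-wrapped"
        return "protected", "v10; key location depends on platform"
    # No known prefix: treat printable UTF-8 as the plaintext fallback.
    # (A real password that happens to start with "v10" would be misfiled;
    # the prefix check is a heuristic, not a parser.)
    try:
        text = blob.decode("utf-8")
    except UnicodeDecodeError:
        return "protected", "unrecognised binary blob"
    if text.isprintable():
        return "plaintext", text
    return "protected", "unrecognised binary blob"


def audit_login_data(con, platform):
    """Return one dict per saved login, in table order."""
    rows = con.execute(
        "SELECT origin_url, username_value, password_value FROM logins ORDER BY rowid"
    ).fetchall()
    report = []
    for origin, username, blob in rows:
        status, detail = classify_password_blob(blob, platform)
        report.append({"origin": origin, "username": username,
                       "status": status, "detail": detail})
    return report


def summarize(report):
    """Count logins per status so the exposure is visible at a glance."""
    counts = {"plaintext": 0, "obfuscated": 0, "protected": 0}
    for entry in report:
        counts[entry["status"]] += 1
    return counts


def build_sample_login_data():
    """Constructed stand-in for a copied profile (not real Chrome data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)")
    samples = [
        ("https://example.com/login", "alice", b"hunter2"),                      # plaintext fallback
        ("https://example.org/",      "bob",   b"v11" + bytes(range(16))),        # keyring-wrapped
        ("https://example.net/",      "carol", DPAPI_PREFIX + bytes(range(32))),  # Windows DPAPI
        ("https://example.edu/",      "dave",  b"v10" + bytes(range(16))),        # Linux hard-coded key
    ]
    con.executemany("INSERT INTO logins VALUES (?, ?, ?)", samples)
    con.commit()
    return con


if __name__ == "__main__":
    import sys
    # Real use: python triage.py "/path/to/copied/Login Data" linux
    if len(sys.argv) == 3:
        connection, platform = sqlite3.connect(sys.argv[1]), sys.argv[2]
    else:
        connection, platform = build_sample_login_data(), "linux"
    report = audit_login_data(connection, platform)
    for entry in report:
        print(f'{entry["status"]:10} {entry["origin"]:28} {entry["username"]:8} {entry["detail"]}')
    print(summarize(report))
```

Run against the built-in sample it reports one plaintext login, one obfuscated and two protected. Copy the real file first (Chrome holds a lock on the live database) and point the script at the copy; the only row it can print a password for is the plaintext fallback, which is exactly the case where a UI prompt in chrome://settings/passwords would change nothing for someone who has the file.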

Rouslan Solomakhin

May 23, 2013, 1:10:58 PM
to Torne (Richard Coles), Garett Rogers, Chromium-discuss
On Thu, May 23, 2013 at 10:06 AM, Torne (Richard Coles) <to...@chromium.org> wrote:
We do encrypt the passwords on disk in most cases, no? On Windows we use the account's encryption key, on OSX we store them in Keychain, and on Linux we try to store them in gnome-keyring or kwallet. Only if none of these mechanisms are available does it get stored in plaintext, as far as I know..

In this case, it might be possible to prompt for the Windows account, OSX Keychain, or Linux gnome-keyring/kwallet password.

I agree with Nick B. (nicksterx), however. You should switch to the guest account on your OS instead of leaving your computer unlocked at work.

Rouslan Solomakhin

May 23, 2013, 1:20:27 PM
to Garett Rogers, Chromium-discuss
+chromium-discuss

Please keep the discussion going on chromium-discuss.

On Thu, May 23, 2013 at 10:15 AM, goo...@gmail.com <goo...@gmail.com> wrote:
Guest account, and always remembering to lock the computer is not a good solution, I am sorry.


On Thursday, May 23, 2013, Rouslan Solomakhin wrote:

Gootch

May 23, 2013, 1:32:21 PM
to chromium...@chromium.org, Garett Rogers
Woops, I was replying by email and forgot to reply all.

So yeah, you can't assume the user is smart enough, or forward thinking enough to rely on them to lock their computer, or switch to a guest account.  It simply won't happen.  Part of the problem is that users don't know their passwords can be easily seen by anyone -- they have a false sense of security with Chrome IMO

Nick B.

May 23, 2013, 1:38:54 PM
to goo...@gmail.com, chromium...@chromium.org
At what point is it reasonable to assume that the user is smart enough to keep themselves secure? For example, PDFs of a user's tax returns could be in their documents folder. There is access to a lot of sensitive information with an unlocked computer.


Gootch

May 23, 2013, 1:44:27 PM
to chromium...@chromium.org, goo...@gmail.com
The point is that you cannot assume they are smart enough to keep themselves secure, EVER... so it should be our responsibility (or the developers of software in general) to make them as secure as possible without them having to think about it.

The fact that sensitive information is found on computers doesn't mean we can ignore security inside the apps we build.  

The easy, common sense solution to this problem, is requiring the user to enter their google password when requesting the saved passwords.  It's not fool-proof, but it's better than nothing...

If we want to leave this wide open, we might as well get rid of the extra authentication when someone tries to go to http://history.google.com to view your web history (even when you are already logged in)...

Nick B.

May 23, 2013, 1:47:16 PM
to Garett Rogers, Chromium-discuss
I agree it would be nice if Chrome offered authentication with your Google account to show your passwords. As it currently stands, the most secure method is locking your desktop and allowing users to use the guest account.

Gootch

May 23, 2013, 1:49:29 PM
to chromium...@chromium.org, Garett Rogers
Yay.. someone agrees with me... 

Trying to get anyone on the Chromium team to do the same seems like an impossible task.. but I can't understand why?

Any thoughts on getting Google involved in this?  I think it's important enough to have a real discussion about fixing it.

Rouslan Solomakhin

May 23, 2013, 1:55:45 PM
to Garett Rogers, Chromium-discuss
On Thu, May 23, 2013 at 10:49 AM, Gootch <goo...@gmail.com> wrote:
Any thoughts on getting Google involved in this?  I think it's important enough to have a real discussion about fixing it.

Chromium is an open source project. Anyone can submit a patch to do what you request. You could start the process, for example, by creating a mock of how your user interface would look.

Nick B.

May 23, 2013, 1:55:56 PM
to Garett Rogers, Chromium-discuss
I think almost everyone has agreed with you in the thread. 

This is a lot of work to implement. I don't know the specifics of what changes would need to be made, but I don't think you can just add in a password checking scheme without getting a lot of support and laying a good foundation.

Gootch

May 23, 2013, 1:57:58 PM
to chromium...@chromium.org, Garett Rogers
I might do that... though I honestly think that would be a huge waste of time considering everyone on the Chromium team thinks it's a dumb idea.

Nick B.

May 23, 2013, 2:01:18 PM
to Garett Rogers, Chromium-discuss
You're not going to get support for an idea like that. Especially when no one has said it's a dumb idea.

Rouslan Solomakhin said:
If the user is signed in to Chrome using a Google account, I think it would be reasonable to request the Google account password when looking at chrome://settings/passwords. Some more options to consider for this feature:
  • Encrypt the passwords on disk using the Google account password.
  • Let users manage which passwords are stored on disk encrypted vs. in plain text.

gpwolfe 鬼佬 said:
What about hooking into whatever platform's OS features for account password prompting?  Have a button, "Show Passwords" and prompt for user's password  and only show them on success from that mechanism.

Create a mockup in Lucid Chart or something. 


Gootch

May 23, 2013, 2:03:58 PM
to chromium...@chromium.org, Garett Rogers
Sorry, nobody on this thread has said that... here's the official Google response... they think it's an edge case, and they aren't going to do it because it would add "too much complexity" to the UI...

Nick Bachicha

May 23, 2013, 2:07:41 PM
to Garett Rogers, Chromium-discuss
I don't know if you noticed the email addresses in the thread: Rouslan Solomakhin has a chromium.org address and gpwolfe 鬼佬 has a google.com address.

Unless you create the mockup, no one will know the amount of complexity that is added. If you want this so bad, try to do it; don't expect others to. Chromium is open source.

Gootch

May 23, 2013, 2:59:30 PM
to chromium...@chromium.org, Garett Rogers
I did not notice that... I'm glad they are on this thread. 

I have created a video showing the proposed flow, which doesn't add any UI complexity, and would be easy to implement.  Let me know what you think:

Rouslan Solomakhin

May 23, 2013, 3:37:44 PM
to Garett Rogers, Chromium-discuss
Cool! If this feature request is not on http://crbug.com yet, then the next step is probably filing a feature request on http://crbug.com/new with the following attributes:
  • Title: "Prompt for Google password before editing website passwords in Chrome"
  • Type: "Type-Feature"
Be sure to link to the discussions and your video in the description of the feature request. The next steps would be to drum up support for your feature request somehow.

Gootch

May 23, 2013, 3:46:21 PM
to chromium...@chromium.org, Garett Rogers
Rouslan,
That is part of my gripe... I have added this bug several times on there -- each time it gets merged into bug 9560 (which is closed and marked as WontFix)

I will try adding another new one, with a link to the video and all the discussion threads I can find on the internet.

Rouslan Solomakhin

May 23, 2013, 3:54:23 PM
to Garett Rogers, Chromium-discuss
Nothing can be promised, really. If there's not enough support for the feature, it might get shut down again... Sorry.

Gootch

May 23, 2013, 3:58:59 PM
to chromium...@chromium.org, Garett Rogers
Drumming up support externally will be very easy... it's already the "most commonly reported non-bug" according to a comment from a developer on my last bug submission here: https://code.google.com/p/chromium/issues/detail?id=243334#c1

The problem is drumming up support internally among the developers.  How do I go about attempting that?

Rouslan Solomakhin

May 23, 2013, 4:00:46 PM
to Garett Rogers, Chromium-discuss
Perhaps starting a discussion on chromi...@chromium.org

Gootch

May 23, 2013, 5:16:40 PM
to chromium...@chromium.org, Garett Rogers
That is another dead end... the "WontFix" flag on a bug is a black hole, and cannot be overcome.

It's a sad day when the overlords err on the side of no security at all -- despite many reasonable common sense arguments and solutions being proposed.

There is simply no way to get this feature request through -- what a shame.

I'm not going to stop though -- this was just a start.  My next task is to make sure the general public know about this problem, and the fact that Google refuses to fix it.

aur...@chromium.org

May 30, 2013, 9:13:51 PM
to chromium...@chromium.org, Garett Rogers
Did you consider using the LastPass extension (link) to store your passwords? I've been using it for a while due to the same issues as you described in this thread.

Aurimas