Can an application be tweaked to disable Chrome Save Password prompt

38 views
Skip to first unread message

Bibian PAH

unread,
Jun 22, 2022, 9:40:44 AM6/22/22
to Chromium-discuss
We recently purchased a cloud base software for multiple users. Since it is using Chrome the Save Password prompt function post a security risk. Is it possible for an application to be coded to deny Chrome's Save Password? Or can Chrome be set to not prompt Save Password for certain application?

PhistucK

unread,
Jun 22, 2022, 9:48:42 AM6/22/22
to bibia...@gmail.com, Chromium-discuss
From what I understand, the Chrome team does not consider a password manager as a security issue, but a user experience feature. If someone managed to access the machine, physically or taken over remotely, you have bigger problems (I think that was the reasoning).
Even banks have (slowly) stopped avoiding password managers.

Web applications cannot disable the password manager.

As a system administrator, you can disable the password manager for all of the websites, using an enterprise policy -
https://chromeenterprise.google/policies/#PasswordManagerEnabled

Note that existing saved passwords will still be automatically filled, only new ones will not be saved.

Disabling the password manager is a big hammer and a very bad user experience, so I advise against this as well as against trying to avoid saving the password.

PhistucK


On Wed, Jun 22, 2022 at 2:40 PM Bibian PAH <bibia...@gmail.com> wrote:
We recently purchased a cloud base software for multiple users. Since it is using Chrome the Save Password prompt function post a security risk. Is it possible for an application to be coded to deny Chrome's Save Password? Or can Chrome be set to not prompt Save Password for certain application?

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

---
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

Bibian PAH

unread,
Jun 26, 2022, 10:14:50 PM6/26/22
to Chromium-discuss, PhistucK, Chromium-discuss, Bibian PAH
Thanks, the reason why it became a security risk for us is because the hardware where this application is being accessed from are used by more than one user at any given day. Think hospital setting. Whilst password manager is excellent for individual users, this isn't necessarily true for hospital setup where anyone can use your password and performing patient related activity that could end up with medical error - intentional or unintentional. When it comes to dealing with patient's life, sad it may be, but we always approach it from the conservative perspectives because Software technology in medicine is still 20 years behind no matter what EPIC and CERNER tells the world. 

I'll provide your suggestion to the System Admins and i'll let them make that decision. Thanks again. 

PhistucK

unread,
Jun 27, 2022, 4:22:49 AM6/27/22
to Bibian PAH, Chromium-discuss
That makes sense - if it is a public device, it should not remember any password, not just the password on a specific website.
Note that Chrome has a guest mode/profile which automatically deletes everything once closed and also does not remember passwords. This policy seems to enforce it to be the only way to use the browser - https://chromeenterprise.google/intl/en_uk/policies/#BrowserGuestModeEnforced

PhistucK

Reply all
Reply to author
Forward
0 new messages