I understand that if someone is using your computer without your knowledge, you shouldn't expect that your data is secure. That said, I cannot think of a valid reason why we wouldn't want to add at least an extra level of security in the UI that would act as a deterrent for non-hacker people looking to score passwords of their friends. Think of it as a security system in your house -- it won't stop professionals, but the kid next door looking to steal your computer will think twice, or avoid trying altogether. Currently, anyone who happens to be using someone else's computer, for whatever reason, can simply open up Chrome settings and view all saved passwords.
For some reason, all mentions of this in the Chromium bug tracker are merged into http://code.google.com/p/chromium/issues/detail?id=9560 which is closed and marked as "WontFix"...
What do you think?
The fact that Chrome offers easy access to the stored passwords and other browsers do not, does not mean that it's not easy to access the stored passwords for the other browsers: it's just not easy with any built-in feature of those browsers. As Chrome's password import feature clearly demonstrates, it's easy to read the passwords with the right tools. Even if Chrome would not allow you access to the passwords, you can read them manually, download another tool on the machine to do this or just send the relevant password files to your computer and read them later. If you do not want anybody to access your passwords, you should not allow them access to your machine without supervision.
--skyl...@chromium.org
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
A master password
--
We do encrypt the passwords on disk in most cases, no? On Windows we use the account's encryption key, on OSX we store them in Keychain, and on Linux we try to store them in gnome-keyring or kwallet. Only if none of these mechanisms are available does it get stored in plaintext, as far as I know.
Guest account, and always remembering to lock the computer is not a good solution, I am sorry.
On Thursday, May 23, 2013, Rouslan Solomakhin wrote:
Whoops, I was replying by email and forgot to reply all. So yeah, you can't assume the user is smart enough, or forward thinking enough to rely on them to lock their computer, or switch to a guest account. It simply won't happen. Part of the problem is that users don't know their passwords can be easily seen by anyone -- they have a false sense of security with Chrome IMO.
--
Any thoughts on getting Google involved in this? I think it's important enough to have a real discussion about fixing it.
--