[LINK] Dull Chrome

Sat Aug 31 00:26:44 AEST 2013

The issue is Chrome does not have a master password to protect those that
are stored on a per-site basis.
If someone has access to my machine, they can view my saved passwords with
5 clicks.
Google argues having a masterpassword gives a false sense of security.
It is trivial to bypass such a set-up by fabricating local webpages to
request the stored passwords.
While this is true, it betrays a lack of understanding of how users make
use of software in the real world.
I might happily give a co-worker access to my logged in machine while I
make a cup of tea.
I can reasonably expect them not to have prepared a series of dummy web
pages to uncover my stored passwords, but with Chrome it only takes a
couple of clicks to see in plain text my stored passwords.
I appreciate Google are trying to teach me that passwords should be kept
securely, and that limited securely is theoretically no better than no
security, but in practice, a little more security would be beneficial.

And to Roger's question, yes, I use Chrome.
I do get it to remember passwords to non-important sites, and I don't
re-use those passwords on important sites. Even so, it is a nuisance. I
don't especially want people to, for example, view the Groupon vouchers I
have purchased, yet that is a site I have a saved password for.

Regards,
Michael Skeggs

On 30 August 2013 23:07, Jeremy Visser <jeremy at visser.name> wrote:

> On 30/08/13 16:45, Roger Clarke wrote:
> > I thought Google employed *clever* people.
> >
> > Users of the popular web browser Google Chrome are warned that
> > passwords (saved by the browser) are not secured properly, leading to
> > any other user being able to view all passwords that you have saved.
>
> This is not news. It’s a *feature*, not a bug.
>
> Firefox has been doing this since forever as well, c.f.
> http://i.imgur.com/gTsiB5i.png
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>