Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Working On Password Generator For Chrome

Posted by Soulskill on from the 123456-letmein-hunter2 dept.

Trailrunner7 writes "Google is in the process of developing a tool to help users generate strong passwords for the various and sundry Web sites for which they need to register and authenticate. The password-generator is meant to serve as an interim solution for users while Google and other companies continue to work on widespread deployment of the OpenID standard. The tool Google engineers are working on is a fairly simple one. For people who are using the Chrome browser, whenever a site presents them with a field that requires creating a password, Chrome will display a small key icon, letting the users know that they could allow Chrome to generate a password for them."

5 of 175 comments (clear)

  1. One small problem... by Todd+Knarr · · Score: 5, Insightful

    The problem I see is the increasing number of sites (eg. Sony's online game support sites) who "for security reasons" block browsers from auto-completing password fields. Which IMO actually decreases security, it increases the number of times a keylogger could see my password and it makes it harder to use high-difficulty (and difficult to remember) passwords.

  2. Re:What could go wrong? by Aerorae · · Score: 4, Insightful

    You mean the Do Not Track list which is practically unenforceable? The one where the advertisers "do the right thing" and honor the users' request not to track them? Such an IRONCLAD defense against predatory advertisers should be the gold standard, shouldn't it?

  3. Re:What could go wrong? by liquidweaver · · Score: 4, Insightful

    Lets take your argument to its logical conclusion - somewhere inside of Google's secret evil HQ in the base of a volcano, Sergei and Larry are laughing maniacally, "Now we can login as everyone because we will know their passwords! MWAHAHAHA!" as they stroke their evil kittens with eyepatches.

    Or realistically, that google would login as people and impersonate their accounts.

    You can have my tinfoil hat, you need it more than me.

    --
    mov ah, 4ch
    int 21h
  4. Re:xkcd by Sigma+7 · · Score: 5, Insightful

    Randall uses four words, not one. Even if you use a small word list of 5000 words (and TWL has much more words), that's 6.25 *10^14 combinations. It's still a few times stronger than a 8-character random alphanumeric which has ~2.81*10^14 combinations.

    And if you go with the full TWL, you need at least 12 characters in the random alphanumberic to even be as strong as the 4-word passphrase.

    It's only less secure in the sense that a similarly sized alphanumeric has more possible combinations - which is not being compared.

  5. Re:What could go wrong? by MisterMidi · · Score: 5, Insightful

    What's different from trusting the browser to store your passwords? All major browsers have been doing this for years. It's really not much different. If they wanted your passwords, they'd already have them (with or without storage.) This is about encouraging people to use different passwords for different sites. Yes, it is a security risk to trust your browser with your passwords. But I think using the same password for every site is a much bigger risk.