Chrome's Insane Password Security Strategy

jones_supa writes "One day web developer Elliott Kember decided to switch from Safari to Chrome and in the process, discovered possibly a serious weakness with local password management in Chrome. The settings import tool forced the passwords to be always imported, which lead Kember to further investigate how the data can be accessed. For those who actually bother to look at the 'Saved passwords' page, it turns out that anyone with physical access can peek all the passwords in clear text very easily with a couple of mouse clicks. This spurred a lengthy discussion featuring Justin Schuh, the head of Chrome security, who says Kember is wrong and that this behavior of Chrome has been evaluated for years and is not going to change."

Re:Firefox is the same

[osu-neko]

You can secure this in Firefox, there is no option to do so in Chrome.

You mean Firefox engages in a bit of security theater that Chrome does not. As a result, people who don't know any better are mislead into believing the falsehood that "you can secure this in Firefox", whereas people in Chrome can see the truth of the matter.