Chrome's Insane Password Security Strategy

Posted by Unknown on Wednesday August 7, 2013 @04:30AM from the passwords-for-password-locker dept.

jones_supa writes "One day web developer Elliott Kember decided to switch from Safari to Chrome and in the process, discovered possibly a serious weakness with local password management in Chrome. The settings import tool forced the passwords to be always imported, which lead Kember to further investigate how the data can be accessed. For those who actually bother to look at the 'Saved passwords' page, it turns out that anyone with physical access can peek all the passwords in clear text very easily with a couple of mouse clicks. This spurred a lengthy discussion featuring Justin Schuh, the head of Chrome security, who says Kember is wrong and that this behavior of Chrome has been evaluated for years and is not going to change."

1 of 482 comments (clear)

Min score:

Reason:

Sort:

Why is this making news? by vawwyakr · 2013-08-07 04:41 · Score: 3, Funny

I've seen this on several sites, is this news to anyone?? Did you miss it many years ago when this was added? You know what, when someone is physically on my machine while its logged in, they can also send emails from my account!! Its just right there ready to go! We need to do something about this!