Chrome's Insane Password Security Strategy

jones_supa writes "One day web developer Elliott Kember decided to switch from Safari to Chrome and in the process, discovered possibly a serious weakness with local password management in Chrome. The settings import tool forced the passwords to be always imported, which lead Kember to further investigate how the data can be accessed. For those who actually bother to look at the 'Saved passwords' page, it turns out that anyone with physical access can peek all the passwords in clear text very easily with a couple of mouse clicks. This spurred a lengthy discussion featuring Justin Schuh, the head of Chrome security, who says Kember is wrong and that this behavior of Chrome has been evaluated for years and is not going to change."

Re:Master Password (Thuderbird+Firefox)

[Jeremiah+Cornelius]

Google is horrible, that's all there is to it.

This nonchalance with user passwords is one more steaming loaf for the pile:

1) Rip-off GPL and Apache license software, by exploiting the spirit of the licenses, without violation of terms.

2) Produce shiny spyware, that looks like attractive product and services.

3) Screw everybody in the way of their strategy-du-jour, especially "customers" with concerns of privacy and other user expectations. Witness "net neutrality" or their abandonment of installed bases.

4) Oxymoronism. "Android Security". GoogleTV device is more piled higher and deeper on this pile.

What's my response? "Send me to heaven".