- Manage passwords google chrome dammit install#
- Manage passwords google chrome dammit full#
- Manage passwords google chrome dammit password#
I wholeheartedly disagree with several of the points you make here, and I think you're more or less ‘passing the buck’ on something which is most definitely your responsibility to take good care with. It can be broken just by rebooting the computer with a boot disk, right? So why include it? Because its useful. They could have still done it even though the computer was locked, but they did not because it was too much work.Īlso, going off what you have said, the "locking" process in windows is pointless since it offers a false sense of security. Its almost akin to why so many coworkers always jacked each others wallpaper when they forgot to lock their computer.
Manage passwords google chrome dammit password#
Having to potentially download a third party program to decrypt the password DB and/or run additional commands is very different that just navigating to the chrome settings page. A potentially honest person might open a door and take something but if they must now break a window to accomplish the same task many will not pursue it.
The fact is that when you increase the barrier to doing evil, many give it up. Now, if you lock the doors the odds are it will still be there when you return. Leave a car unlocked with a $20 bill on the seat and you might find that $20 gone when you return. A crime of opportunity is very different than one of bad intentions. However, keep in mind 'open door' syndrome.
Manage passwords google chrome dammit full#
If someone has access to your computer and wants to do damage, they have full access to do it. Nobody doubts that adding a master password will stop nobody who knows what they are doing. Because in effect, that's really what they get. We want to be very clear that when you grant someone access to your OS user account, that they can get at everything. We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of security, and encourage risky behavior. We've also been repeatedly asked why we don't just support a master password or something similar, even if we don't believe it works. My point is that once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.
Manage passwords google chrome dammit install#
Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just theater.Ĭonsider the case of someone malicious getting access to your account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account.
The only strong permission boundary for your password storage is the OS user account. I'm the Chrome browser security tech lead, so it might help if I explain our reasoning here.
0 kommentar(er)
