Pixel Envy

Written by Nick Heer.

Chrome’s Insane Password Security Strategy

Elliott Kember:

There’s no master password, no security, not even a prompt that “these passwords are visible”. Visit chrome://settings/passwords in Chrome if you don’t believe me.

I’d love to be in the meeting when they were discussing this.

Oh wait, let’s ask Justin Schuh, head of Chrome security:

The only strong permission boundary for your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we’ve found that boundaries within the OS user account just aren’t reliable, and are mostly just theater. […]

We’ve also been repeatedly asked why we don’t just support a master password or something similar, even if we don’t believe it works. We’ve debated it over and over again, but the conclusion we always come to is that we don’t want to provide users with a false sense of security, and encourage risky behavior.

So no verification is required to reveal all of your internet account passwords that you’ve saved in Chrome. Spectacular.

In a sense, Schuh is right — the only way to lock your system is at the user level. But this just seems like a silly way to rationalize a plainly poor decision. Using no security at all is not better than modest security.