With all this talk about security I am still wondering why everyone isn't up in arms about the fact that Chrome makes all of your stored passwords plainly visible at the click of a button or two. This has been the case for years and many complaints have been recorded, but Google, for some strange reason, seems to refuse to even attempt to put forth any effort to secure their browser.
Just to be clear, any security they could put on top of that would only be a deterrent to inept or non-criminal-minded people since encrypting those passwords is reversible and not allowing them to be seen inside Chrome wouldn't stop other tools. One alternative is to require a password to unlock the keychain, but I suspect most people don't actually want that (to have to type in a password in order to allow Chrome to autofill a password for them).
There are going to be much better discussions about this in Chromium discussion archives but I'll cover one of the main reasons why Chrome and Firefox (by default) do not have a master password. If someone has physical or remote access to your computer it is an endgame scenario and it does not matter if you have a master password enabled or not. The most basic attack is just to install a keylogger and steal the master password. They could also just copy the password database remotely and brute force it.
I understand this very well. Here's one scenario: Busy office. Hundreds of computers. Open environment (no doors, just a bunch of desks/tables). Everyone using Chrome.
The current version of Chrome would allow someone to, within a few clicks, grab a pile of passwords.
Here's another scenario: Your mother takes her laptop to be repaired/updated. She uses Chrome. The entire repair shop has easy, unencumbered access to all of her passwords and logins.
Similar scenario: Computer goes to IT guy where you work for repairs/updates. He now has any and all of your passwords and logins with no effort.
My point is that for all this talk about security it seems really dumb for a prominent player (any prominent player) to not take extra steps to ensure that our valuable data is secure within reason. With LinkedIn the problem is, at the very least, the lack of anything beyond SHA-1 to protect passwords. Bad idea. In the browser case, it seems to me that, unless the intent is to provide a browser used only by those like us who understand and are very aware of security issues, it might just be a good idea to put in a few things that will make it harder for curious eyes or the 16-year-old at the repair shop to grab all of your login data.
I don't propose nor do I expect perfection or absolute security, but what Chrome does today is, in my opinion, at the very least irresponsible. The uninformed user has NO IDEA WHATSOEVER that a huge security hole exists in their browser. Maybe we need to stop thinking in our terms and focus on mom, dad, uncle or grandma. When you first install Chrome you should, at the very least, see a screen telling you about security and the options you might have. I think that a master password would most definitely serve a purpose in the case of "innocent" peeking. Yes, with pros all bets are off. It's only a matter of time until someone tracks identity theft to the lack of browser security and they sue the fuck out of the browser publisher.
> The current version of Chrome would allow someone to, within a few clicks, grab a pile of passwords
With a USB stick and one click anyone can install malware that would give complete control of the computer to the user remotely.
> Computer goes to IT guy where you work for repairs/updates.
IT repair guys generally need admin access to the computer and will have all the time in the world to install any number of malware for remote access.
> but what Chrome does today is, in my opinion, at the very least irresponsible
For Chrome to add a master password would be irresponsible because it would give users the illusion of security they don't have. All OSes already have password protection against innocent peeking with user accounts and the ability to lock your computer when you walk away.
If Chrome were to hide them in the UI, you could still get to them one way or another (like grabbing a memory dump). If someone has physical access to your computer when you're logged on, you've lost the security game. There's no point in adding a layer of obscurity on top.
A browser needs access to your raw password or it wouldn't be able to send it to a website. You could tell Chrome to just not remember your passwords if it'd make you feel better. An alternative could be the master password feature but I'm not sure how that option works. I'm assuming (and this is dangerous) that it encrypts your passwords with your master password and decrypts them after you've entered that password.