Chrome’s insane password security strategy • elliottkember
▻http://blog.elliottkember.com/chromes-insane-password-security-strategy
There’s no master password, no security, not even a prompt that “these passwords are visible”.
...
Any time I try to draw attention to this, I get the usual responses from technical people:
Just use 1Pass
The computer is already insecure as soon as you have physical access
That’s just how password management works
While all of these points are valid, this doesn’t address the real problem: Google isn’t clear about its password security.
In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It’s the mass market - the users. The overwhelming majority. They don’t know it works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not okay.
cf. aussi
Why you should never let Chrome store your passwords ▻http://bgr.com/2013/08/07/google-chrome-password-security
Why You Shouldn’t Let Google Chrome Save Your Passwords ▻http://www.shellypalmer.com/2013/08/chrome-and-saved-passwords
Remembering passwords for multiple websites is incredibly annoying but it still might not be a good idea to let Google’s Chrome browser remember them for you. Software developer Elliott Kember notes that it’s incredibly easy for anyone to see the passwords you’ve stored on Chrome as long as they’re using a computer where you’ve logged into the browser.