Comment #54 on issue 812 by mr.ber...@gmail.com: Profile/login support
http://code.google.com/p/chromium/issues/detail?id=812

#53 makes a good point: For me, too, it's about someone browsing through the Chrome menus and "accidentally" seeing my passwords in plain text; not so much about perfect security in case the computer is lost or stolen. (Anyway, the file IS encrypted already if I understand the discussion correctly. And resetting the Windows user account password from outside of Windows makes encrypted files inaccessible, as far as I know.)

Scenario: My laptop is being used as a jukebox at a party. No one knows my Windows password, because I log on myself. However, several people shall be able to adapt the playlist, so locking the system is no option. People with bad/funny intentions should not be able to see passwords with only a few clicks. I don't care too much if someone wants to read my mail or to log on to Facebook as me, because the damage one can do there is limited - especially in a situation where you don't have infinite time. But knowing my plaintext passwords allows someone to read my mail continuously without me knowing it, or even change my password and make me lose access to my mail. And getting the password is easy at the moment, 4 or 5 clicks in the menu, pretending you are looking for cookie options (which is only 1 click away) in case you are caught in action.

What about this: Leave everything as it is, but make the user need to enter his Windows password in order to view all passwords in plain text (or delete them). Autologin to websites using stored passwords should still work without any entering of passwords.

Advantages:
- no bothering in normal surfing
- no Chrome-internal password management necessary
- no additional password to remember for the user
- harder for keyloggers to record the password, as it is typed in very rarely (who NEEDS to view his passwords in plain text on a regular basis, anyway?)
- no false sense of security: People either won't notice that their passwords are encrypted and protected (because they are never asked for a password at Chrome installation), or they know it's only protected by their Windows password. People SHOULD know better than to give other people their Windows password. Especially since on Windows 7, the Users' folders are auto-shared within a private network, and accessible with the user account's password.

Disadvantages:
- I don't see any, compared to the current situation.
