Agreed, I think the response of the Chrome security team is “disappointing”, to quote Tim Berners Lee. I just blogged about this<goo.gl/zeIkz8> .
-- Cédric -- Cédric On Wed, Aug 7, 2013 at 10:05 AM, Fabrizio Giudici < fabrizio.giud...@tidalwave.it> wrote: > I had this question in mind for some time to ask here, but so far I didn't > because after all was a well known theme. But I see that the point has been > reprised by Engadget, so I have the excuse of commenting its post ;-) > > > http://www.engadget.com/2013/**08/07/chrome-saved-passwords/<http://www.engadget.com/2013/08/07/chrome-saved-passwords/> > > https://news.ycombinator.com/**item?id=6166731<https://news.ycombinator.com/item?id=6166731> > > Key point: Chrome doesn't protect user passwords with a master key. Google > says that, beyond the o.s. login, everything else is "just theater" and > would provide "a false sense of security", encouraging "risky behaviour" by > the user. > > With all the respect that I owe to Google and its engineers... may I > humbly say that this sounds to me as supreme nonsense? It sounds as saying > "listen, a fence is just theater as it takes ten seconds to be broken. So > we didn't build any fence around our plant". Still, all the military bases > I know have a fence as the first level of protection. I've never seen one, > but I guess that Google data centers are protected by a fence too. Are > those guys just stupid? > > Out of the metaphor: I've always understood that good security is made by > a layer of things, the former ones could be even easily breachable, but > they act as a first gross filter. > > Practically, I've learned Google's point a few weeks ago when I moved to > Chromium. I applied their point, making sure that Google data are on an > encrypted partition; and I've always taken care of my laptop, e.g. making > sure that when I move the encrypted partition is unmounted. This of course > to protect a whole bunch of data other than Chromium passwords. Still, > sometimes you can get distracted for just a few seconds and I don't think > it's human to ask people to lock the screen when they just turn around. A > master password would just prevent the nearby co-worker from peeking his > nose in such circumstances. Without master password, it's really a matter > of seconds to get to the passwords. > > Your opinion? > > > -- > Fabrizio Giudici - Java Architect @ Tidalwave s.a.s. > "We make Java work. Everywhere." > http://tidalwave.it/fabrizio/**blog <http://tidalwave.it/fabrizio/blog> - > fabrizio.giud...@tidalwave.it > > -- > You received this message because you are subscribed to the Google Groups > "Java Posse" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to > javaposse+unsubscribe@**googlegroups.com<javaposse%2bunsubscr...@googlegroups.com> > . > To post to this group, send email to javaposse@googlegroups.com. > Visit this group at > http://groups.google.com/**group/javaposse<http://groups.google.com/group/javaposse> > . > For more options, visit > https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> > . > > > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To unsubscribe from this group and stop receiving emails from it, send an email to javaposse+unsubscr...@googlegroups.com. To post to this group, send email to javaposse@googlegroups.com. Visit this group at http://groups.google.com/group/javaposse. For more options, visit https://groups.google.com/groups/opt_out.
