
Justin Schuh defended Google's reasoning in the wake of this post detailing the "discovery" (sic) that passwords saved in the Chrome password manager can be viewed in plaintext.

I'm the Chrome browser security tech lead, so it might help if I explain our reasoning here. Your password storage is the OS user account. So, Chrome uses whatever encrypted storage the system provides to keep your passwords safe for a locked account. Beyond that, however, we've found that boundaries within the OS user account just aren't reliable, and are mostly just

Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software. Once the bad guy got access to your account the game was lost, because there are just too many vectors for him to get what he wants.

We've also been repeatedly asked why we don't just support a master password or something similar, even if we don't believe it works. We've debated it over and over again, but the conclusion we always come to is that we don't want to provide users with a false sense of
