LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Google Chrome and master passwords

Google Chrome and master passwords

Posted May 21, 2010 13:35 UTC (Fri) by jwarnica (subscriber, #27492)
In reply to: Google Chrome and master passwords by AndreE
Parent article: Google Chrome and master passwords

Well... The question really is "whose job is it to provide security against remote or local physical attacks?"

Chrome doesn't do RAID, it doesn't do tape backups, it doesn't patch the OS with updates. Such services and tasks are clearly something else's problem.

Disk encryption exists, if currently unusual. Locking screensavers are everywhere, if not always used.

Users have the ability, today, to protect against the attacks that a browser master lock also provide.

A browser master lock is:
- not going to be as effective (system based security would both protect against more things, and likely be technically better as its importance would get it more attention from devs and testers)
- be annoying to those using other locks (I hate the gnome keyring thing, for example. I just logged in to my account, and you want me to log in again?)

(Log in to post comments)

Google Chrome and master passwords

Posted May 22, 2010 8:37 UTC (Sat) by tzafrir (subscriber, #11501) [Link]

A browser "master lock" is optional. If you don't trust the browser, don't store passwords with it.

If I don't want to install a different password (and copy/paste passwords, which may expose them on the clipboard), what should I do?

Google Chrome and master passwords

Posted May 22, 2010 21:52 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

option 1
remember your passwords yourself and type them

option 2
have an application, device remember your passwords but type them, don't copy-n-paste them

option 3
get a browser plugin that generates a password based on the website and what you type so that you don't have to remember a different password per website, but each website gets a different password

Google Chrome and master passwords

Posted May 22, 2010 18:07 UTC (Sat) by salimma (subscriber, #34460) [Link]

On Fedora, at least, the Gnome keyring is unlocked automatically when you login. The KDE wallet on openSUSE, on the other hand, *does* require manual unlocking.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds