[ NNSquad ] The Chrome passwords controversy (plus my thoughts)

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] The Chrome passwords controversy (plus my thoughts)

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] The Chrome passwords controversy (plus my thoughts)
From: Lauren Weinstein <lauren@vortex.com>
Date: Wed, 7 Aug 2013 09:13:04 -0700

The Chrome passwords controversy (plus my thoughts)

http://j.mp/1441ub3 (Otaku / Beust)

   "An innocent blog post demonstrating that it's trivial for anyone to
    see passwords in clear in Chrome is slowly building up into a whole
    scandal. The Chrome team was quick to respond but unfortunately, that
    answer simply poured oil on a fire that was already burning quite
    brightly."

 - - -

OK, we seem to have a Chrome passwords brouhaha in progress. Here's my
quick personal take. The Chrome team is technically correct in their
analysis and view that if you're dealing with persons with physical
access to a computer, most of the password protection schemes being
discussed are largely window dressing and potentially give a false
sense of security. That said, if we stipulate that it would still be
useful to try dissuade casual, opportunistic viewing of stored
passwords by random parties, having the option of defining a master
password to be required to view the stored password tables could still
be useful, even within its limited context. Two things to keep in mind
about this, though. First, most people aren't going to use it -- many
users are in situations where they simply wouldn't need it or want it.
Second, there really needs to be some recovery mechanism as well --
since people who do set a master password and subsequently lose it are
going to be very upset, so simply defining a master password without a
robust recovery system could create more problems than it solves for
many users. This really is not a simple situation.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein 
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad

Prev by Date: [ NNSquad ] Cell-phone based amber alert turns into a predictable mess in California
Next by Date: [ NNSquad ] "Android Device Manager" Goes Live
Previous by thread: [ NNSquad ] Cell-phone based amber alert turns into a predictable mess in California
Next by thread: [ NNSquad ] "Android Device Manager" Goes Live
Index(es):
- Date
- Thread