NNSquad - Network Neutrality Squad
[ NNSquad ] The Chrome passwords controversy (plus my thoughts)
The Chrome passwords controversy (plus my thoughts) http://j.mp/1441ub3 (Otaku / Beust) "An innocent blog post demonstrating that it's trivial for anyone to see passwords in clear in Chrome is slowly building up into a whole scandal. The Chrome team was quick to respond but unfortunately, that answer simply poured oil on a fire that was already burning quite brightly." - - - OK, we seem to have a Chrome passwords brouhaha in progress. Here's my quick personal take. The Chrome team is technically correct in their analysis and view that if you're dealing with persons with physical access to a computer, most of the password protection schemes being discussed are largely window dressing and potentially give a false sense of security. That said, if we stipulate that it would still be useful to try dissuade casual, opportunistic viewing of stored passwords by random parties, having the option of defining a master password to be required to view the stored password tables could still be useful, even within its limited context. Two things to keep in mind about this, though. First, most people aren't going to use it -- many users are in situations where they simply wouldn't need it or want it. Second, there really needs to be some recovery mechanism as well -- since people who do set a master password and subsequently lose it are going to be very upset, so simply defining a master password without a robust recovery system could create more problems than it solves for many users. This really is not a simple situation. --Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ nnsquad mailing list http://lists.nnsquad.org/mailman/listinfo/nnsquad