Comment #44 on issue 1397 by wolfgang.kronberg: Master password is missing http://code.google.com/p/chromium/issues/detail?id=1397
Putting comment #36 into a more technical view: Nobody should be able to see my stored passwords unless they either know my master password (not stored anywhere on the disc, not even encrypted), or they are installing specific malware or my computer (which demands a certain amount of both knowledge and criminal energy, and which of course includes the risk of being caught in the act). Implementation suggestion: - introduce a check box called 'Use Master Password' in the settings. - if the check box is off, do everything the same way like now. - if the check box is checked, do the following: * let the user type in a master password. Do not store it anywhere on the disk. * use a symmetric encryption algorithm to encrypt all passwords using this master password. * store the encrypted passwords in exactly the same way as you are currently storing the unencrypted passwords, i.e. use the Windows encryption on the already-encrypted passwords. * during subsequent sessions, the first time Chrome needs to access a stored password, the user is prompted for the master password (which is then kept in main memory, accessible by malware, but malware can ultimately access everything anyway). * on every user interaction which would show a password as clear text to the user, the user will be required to re-enter his master password. Please consider adding this (or something similar in the spirit of comment #36) as soon as possible. I personally do not know anybody who is currently using Chrome, but to 100% of my colleagues and friends who were basically interested, this issue was /the/ show-stopper. Myself, I'm yet another 'Unhappy Firefox User Until This Issue Is Resolved'. :) -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
