Comment #47 on issue 812 by gregor.larson: Profile/login support http://code.google.com/p/chromium/issues/detail?id=812
I think stored accounts/passwords really need special handling. If you think about it, passwords are the most sensitive information most users handle on a day-to-day basis. Because of the exposure and risk a list of accounts and passwords represent, they deserve an extra layer of protection against disclosure and loss. The reason stand-alone password-safes are popular is because they allow users (who are not IT professionals) control their data. The master password from firefox provided a similar level of control. Even if the computer, or a backup of the computer, was stolen, the master password, like the password to their password-safe, will protect their sensitive information. As far as protecting the password-safe with their regular login password, this is problematic. There are some instances were regular login passwords are disclosed or reset which would result in the disclosure or loss of the password-safe. If the trusted IT person needs my login password to fix something, he will probably get it (I will just reset it before / after he is done). If asked for their password-safe or Master Password, that would raise the suspicion of most users. Again, this is not about computer science and technical feasibility of protecting data with the login password. It is about creating a mechanism that *is* safe and with which the average user can understand and *feel* safe and in-control. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
