Re: [liberationtech] And now for some completely different flame... Chrome + password management
On Wed, Aug 7, 2013 at 9:09 PM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote:
> Encrypting the passwords with a master passphrase wouldn't be useless...

even if this is useful, it is a policy that should be implemented in the key manager and not the browser (or any other app, each on an ad-hoc basis, each with their own controls and configuration and assurances, each with their own flaws and shortcomings).

consider KeyChain on Android with keystore and hardware backed secret storage - if you use the standard interfaces instead of rolling your own you get hardware protections where available without any additional effort.

the same applies to desktop key manager policies; apps should rely on existing infrastructure rather than implement their own solutions poorly.

again, policies and configuration like master passwords, session timeouts, explicit authorization, etc. are all the domain of a key manager and not the browser or any other app.

the only thing Google could have done better is provide a more visible and useful description of how Chrome uses existing key management facilities on the desktop to save passwords and where the user can find out more about how this service functions.

--
Liberationtech list is public and archives are searchable on Google. Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
Re: [liberationtech] And now for some completely different flame... Chrome + password management
I'll bite.

You design your systems for the threats your users face. As many have mentioned, the threat most users face is from a spouse, partner, business associate, sibling, parent, children. Password fields don't display typed text to protect against shoulder surfers. It clearly doesn't protect against other adversaries such as keyloggers or others with access to the browser DOM. In this light, I think it is reasonable to encrypt the site passwords with a master password or at least require a master password to display the cleartext. It could always have an option to disable or use a blank default master password for those who don't face the threats illustrated above.

Really, however, we need to move to a post-password model that combines security and usability.

My 2 cents.

Jason

On 8/7/2013 10:04 PM, Brian Conley wrote:
> Are they being irresponsible or aren't they?
> http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link
> That is a serious question I'm interested to hear a variety of opinions on, both for and against Google's position, OK go!
> Spoiler alert, I think both players are being jerks and not considering the importance of outreach and how users learn...

*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
enterprivacy.com * phone: (828) 4RJCESQ * twitter: @privacymaverick.com * blog: http://blog.privacymaverick.com
Re: [liberationtech] And now for some completely different flame... Chrome + password management
Must every app data store reinvent the wheel rather than use operating system functionality?

On Thu, Aug 8, 2013 at 10:42 AM, R. Jason Cronk r...@privacymaverick.com wrote:
> I'll bite.
>
> You design your systems for the threats your users face. As many have mentioned, the threat most users face is from a spouse, partner, business associate, sibling, parent, children. Password fields don't display typed text to protect against shoulder surfers. It clearly doesn't protect against other adversaries such as keyloggers or others with access to the browser DOM. In this light, I think it is reasonable to encrypt the site passwords with a master password or at least require a master password to display the cleartext. It could always have an option to disable or use a blank default master password for those who don't face the threats illustrated above.
>
> Really, however, we need to move to a post-password model that combines security and usability.
>
> My 2 cents.
>
> Jason
>
> On 8/7/2013 10:04 PM, Brian Conley wrote:
> > Are they being irresponsible or aren't they?
> > http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link
> > That is a serious question I'm interested to hear a variety of opinions on, both for and against Google's position, OK go!
> > Spoiler alert, I think both players are being jerks and not considering the importance of outreach and how users learn...
>
> R. Jason Cronk, Esq., CIPP/US
> Privacy Engineering Consultant, Enterprivacy Consulting Group
> phone: (828) 4RJCESQ
> twitter: @privacymaverick.com
> blog: http://blog.privacymaverick.com

--
@kylemaxwell
Re: [liberationtech] And now for some completely different flame... Chrome + password management
On Thu, Aug 8, 2013 at 11:01 AM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote:
> On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell ky...@xwell.org wrote:
> > Must every app data store reinvent the wheel rather than use operating system functionality?
>
> Agree in theory, but do all operating systems have standard data stores that are encrypted with the user's password? They don't.

Understood and point taken - but in general I'd rather point users towards better password management than the browser in any case, whether that's something like Lastpass / Keepass or something else entirely.

*insert pointless rant about how passwords are a terribly broken model in the first place*

--
@kylemaxwell
Re: [liberationtech] And now for some completely different flame... Chrome + password management
https://news.ycombinator.com/item?id=6166886

Chrome security guy takes it up with the Mashable article author.

Chrome guy: This is what users expect! They expect to see their passwords in plain text. You are expecting us to provide them with a false sense of security.

um... alrighty then...

yrs,
SN

On Thu, Aug 8, 2013 at 12:05 PM, Kyle Maxwell ky...@xwell.org wrote:
> On Thu, Aug 8, 2013 at 11:01 AM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote:
> > On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell ky...@xwell.org wrote:
> > > Must every app data store reinvent the wheel rather than use operating system functionality?
> >
> > Agree in theory, but do all operating systems have standard data stores that are encrypted with the user's password? They don't.
>
> Understood and point taken - but in general I'd rather point users towards better password management than the browser in any case, whether that's something like Lastpass / Keepass or something else entirely.
>
> *insert pointless rant about how passwords are a terribly broken model in the first place*
>
> --
> @kylemaxwell

--
Shava Nerad shav...@gmail.com
Re: [liberationtech] And now for some completely different flame... Chrome + password management
On Thu, Aug 8, 2013 at 9:22 PM, Shava Nerad shav...@gmail.com wrote:
> https://news.ycombinator.com/item?id=6166886
>
> Chrome security guy takes it up with the Mashable article author.
>
> Chrome guy: This is what users expect! They expect to see their passwords in plain text. You are expecting us to provide them with a false sense of security.
>
> um... alrighty then...
>
> yrs,
> SN

He is being quite condescending, but that's not what he's saying. He's saying that masking the password would make it seem safer than it really is, i.e. that it's not as trivially obtainable by a simple piece of software. That's not an intuitive concept for users, but it's a choice the Chrome team deliberately made so as to not mislead them. This is a fine stance, and not one deserving of so much bad press.

> On Thu, Aug 8, 2013 at 12:05 PM, Kyle Maxwell ky...@xwell.org wrote:
> > On Thu, Aug 8, 2013 at 11:01 AM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote:
> > > On Thu, Aug 8, 2013 at 8:56 AM, Kyle Maxwell ky...@xwell.org wrote:
> > > > Must every app data store reinvent the wheel rather than use operating system functionality?
> > >
> > > Agree in theory, but do all operating systems have standard data stores that are encrypted with the user's password? They don't.
> >
> > Understood and point taken - but in general I'd rather point users towards better password management than the browser in any case, whether that's something like Lastpass / Keepass or something else entirely.
> >
> > *insert pointless rant about how passwords are a terribly broken model in the first place*
> >
> > --
> > @kylemaxwell
>
> --
> Shava Nerad shav...@gmail.com
[liberationtech] And now for some completely different flame... Chrome + password management
Are they being irresponsible or aren't they?

http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link

That is a serious question I'm interested to hear a variety of opinions on, both for and against Google's position, OK go!

Spoiler alert, I think both players are being jerks and not considering the importance of outreach and how users learn...
Re: [liberationtech] And now for some completely different flame... Chrome + password management
On Wed, Aug 7, 2013 at 7:04 PM, Brian Conley bri...@smallworldnews.tv wrote:
> Are they being irresponsible or aren't they?
> http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link
> That is a serious question I'm interested to hear a variety of opinions

this is how desktop environments manage passwords. you could copy paste some python into a terminal to do the same thing for any logged in user, not just browser passwords. (wifi, disk crypto, services, etc.)

you manage this key ring with a password. if it is unlocked, assume your passwords are available in the clear!

set your desktop to auto-lock on idle. require a password to unlock.

if you need stronger separation of identities, authorizations, or risk, try a more constrained and isolated environment like Qubes [0].

if you want better control over the access and availability to credentials provided by a key ring / key manager, then install one that meets your needs and can be configured to the policy you desire.

0. Qubes implements Security by Isolation
http://qubes-os.org/trac/wiki/QubesArchitecture
Re: [liberationtech] And now for some completely different flame... Chrome + password management
Encrypting the passwords with a master passphrase wouldn't be useless. At the very least it makes it harder to extract plaintext passwords from a discarded hard drive.

On the other hand, a master passphrase doesn't offer nearly as much security as users think it does when they enable the feature. It doesn't make it safe to let another person use your computer, for example. (Even if the attacker is an illiterate shoulder-surfer, they can download tools that trivially extract the passwords after the store has been decrypted--not to mention that there are many other ways the passwords can be compromised where it simply doesn't matter that you have a master password, or that the store is encrypted.)

As you said, both sides are right, and both sides are being dicks about it. A master password gives a false sense of security, but it also defeats the most rudimentary "oh let's log into his/her Facebook and post a stupid message, lol! I know how to see their passwords!". "We want people to lock their screens/log out/shut down their computer when they don't use it" is a respectable and beneficial position of Google to take, and I can only shake my head in response to them getting this much bad press for it. (Virtually all the press I've seen has made it sound like other browsers don't in fact store passwords in a reversible format when clearly this is necessary for the autofill/autologin feature to work at all.)

On Wed, Aug 7, 2013 at 10:04 PM, Brian Conley bri...@smallworldnews.tv wrote:
> Are they being irresponsible or aren't they?
> http://mashable.com/2013/08/07/chrome-password-security/?utm_cid=mash-com-fb-main-link
> That is a serious question I'm interested to hear a variety of opinions on, both for and against Google's position, OK go!
> Spoiler alert, I think both players are being jerks and not considering the importance of outreach and how users learn...
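The distinction Patrick draws above (a passphrase protects the store at rest, e.g. on a discarded drive, but not once it has been decrypted in a running session) and the earlier post's rule of thumb ("if it is unlocked, assume your passwords are available in the clear"; "set your desktop to auto-lock on idle") can be made concrete with a small model. The following Python is an added example written for this thread, not code from Chrome, from any list member, or from any real key manager. It assumes a made-up on-disk format (salt, nonce, ciphertext, tag), uses PBKDF2-HMAC-SHA256 from the standard library as the passphrase KDF, and stands in an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag for a real AEAD such as AES-GCM so that it runs with no third-party dependencies. The credentials in it are constructed sample data.

```python
"""Model of a password store protected by a master passphrase (added example).

Shows the trade-off from the thread: the passphrase-derived key guards the blob
at rest, but an unlocked Vault hands plaintext to anything running in the session
until it is locked again, which is why an idle lock is the relevant control.
"""
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional, Tuple

KDF_ITERATIONS = 200_000  # PBKDF2 work factor: raises the cost of offline guessing


def derive_keys(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the master passphrase into an encryption key and a MAC key."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher (assumption)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), "sha256").digest()
        block += 1
    return bytes(out[:length])


def seal(passphrase: str, records: Dict[str, str]) -> Dict[str, str]:
    """Encrypt-then-MAC the record set; this dict is what would sit on disk."""
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    plaintext = json.dumps(records, sort_keys=True).encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def open_store(passphrase: str, blob: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Return the records, or None if the passphrase is wrong or the blob was altered."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ct"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, tag):  # constant-time tag check
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext.decode("utf-8"))


class Vault:
    """Runtime view of the store: after unlock, plaintext lives in process memory
    until lock() runs, so the idle timeout is what bounds the exposure window."""

    def __init__(self, blob: Dict[str, str], idle_timeout_s: float = 300.0) -> None:
        self._blob = blob
        self._records: Optional[Dict[str, str]] = None
        self._last_use = 0.0
        self.idle_timeout_s = idle_timeout_s

    def unlock(self, passphrase: str, now: Optional[float] = None) -> bool:
        records = open_store(passphrase, self._blob)
        if records is None:
            return False
        self._records = records
        self._last_use = time.time() if now is None else now
        return True

    def lock(self) -> None:
        # Dropping the reference is the best Python can do; a native key manager would zero the buffer.
        self._records = None

    def is_locked(self) -> bool:
        return self._records is None

    def get(self, site: str, now: Optional[float] = None) -> Optional[str]:
        """Return a password only while unlocked and within the idle window; relock otherwise."""
        now = time.time() if now is None else now
        if self._records is None:
            return None
        if now - self._last_use > self.idle_timeout_s:
            self.lock()
            return None
        self._last_use = now
        return self._records.get(site)


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    on_disk = seal("correct horse battery staple", {"example.com": "hunter2"})
    vault = Vault(on_disk, idle_timeout_s=60)
    print("locked read:", vault.get("example.com"))    # None: at rest, the passphrase is required
    vault.unlock("correct horse battery staple")
    print("unlocked read:", vault.get("example.com"))  # hunter2: any code in the session can read it
```

The `now` parameter exists only to make the idle timeout testable without sleeping; the point of the model is that `open_store` with the wrong passphrase or a modified blob yields nothing (the at-rest case), while an unlocked `Vault` answers every caller until the timeout relocks it (the session case).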