I think a master password or PIN is very much like a "filing cabinet lock" and 
it does have value against curious people. Most people are not malicious and a 
simple lock sends the signal: "This isn't for you, and trying to bypass it 
makes you bad. I know you're not a bad person." It has value.

However, I imagine the line of reasoning for PIN or MP in the browser goes like 
this:
1) PIN or MP probably shouldn't be enabled by default
2) Most people don't change the defaults
3) Expected value of a MP or PIN is small vs the complexity of supporting it
4) There are alternatives for people who care, e.g., OS-level profile locking
5) Screw it

-chris


On Aug 6, 2013, at 9:10 AM, Richard Newman <[email protected]> wrote:

> Related: in all the discussions about killing Master Password, its use as a 
> "filing cabinet lock" – keeping out snoopers, not attackers – seems to be the 
> most compelling argument. 
> 
> (Phone; please excuse brevity.)
> 
> 
> -----Original Message-----
> From: Lloyd Hilaiel [[email protected]]
> Received: Tuesday, 06 Aug 2013, 4:51am
> To: [email protected] [[email protected]]
> Subject: "chrome's insane password security strategy"
> 
> 
> http://blog.elliottkember.com/chromes-insane-password-security-strategy
> 
> (forwarded from dev-identity)
> 
> lloyd
> _______________________________________________
> Sync-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/sync-dev
